From 8309677fb69965209a634ac80f0182f28e3005ea Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Fri, 5 Jun 2026 17:31:59 -0400 Subject: [PATCH 1/2] feat(policy): DSPX-2754 DynamicValueMapping protos + generated code Protocol-first half of the dynamic attribute value entitlement work: adds the DynamicValueMapping / DynamicValueResolver messages and DynamicValueOperatorEnum to objects.proto, and a dedicated DynamicValueMappingService (policy.dynamicvaluemapping), plus regenerated protocol/go and OpenAPI/gRPC docs. No service implementation here. This lands and releases protocol/go first so the consumer PR (#3568) can require the new version and pass per-module 'go mod tidy'. Refs: DSPX-2754, DSPX-3498 Signed-off-by: Krish Suchak --- docs/grpc/index.html | 6099 +++++++++-------- .../authorization/authorization.openapi.yaml | 7 + .../dynamic_value_mapping.openapi.yaml | 1454 ++++ docs/openapi/policy/objects.openapi.yaml | 78 + .../subject_mapping.openapi.yaml | 1 + protocol/go/go.mod | 2 + .../dynamic_value_mapping.pb.go | 1312 ++++ .../dynamic_value_mapping_grpc.pb.go | 258 + .../dynamic_value_mapping.connect.go | 238 + protocol/go/policy/objects.pb.go | 961 ++- .../dynamic_value_mapping.proto | 173 + service/policy/objects.proto | 62 + 12 files changed, 7625 insertions(+), 3020 deletions(-) create mode 100644 docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml create mode 100644 protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go create mode 100644 protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go create mode 100644 protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go create mode 100644 service/policy/dynamicvaluemapping/dynamic_value_mapping.proto diff --git a/docs/grpc/index.html b/docs/grpc/index.html index a59d73dd56..0dfdd58073 100644 --- a/docs/grpc/index.html +++ b/docs/grpc/index.html @@ -241,6 +241,14 @@

Table of Contents

MConditionGroup +
  • + MDynamicValueMapping +
    • + +
  • + MDynamicValueResolver +
    • +
  • MKasKey
    • @@ -370,6 +378,10 @@

    Table of Contents

    EConditionBooleanTypeEnum +
  • + EDynamicValueOperatorEnum +
    • +
  • EKasPublicKeyAlgEnum
    • @@ -1067,6 +1079,200 @@

    Table of Contents

    +
  • + policy/subjectmapping/subject_mapping.proto + +
    • + + +
  • + policy/dynamicvaluemapping/dynamic_value_mapping.proto + +
    • + +
  • policy/kasregistry/key_access_server_registry.proto
      @@ -1854,249 +2060,118 @@

      Table of Contents

    • - policy/subjectmapping/subject_mapping.proto + policy/unsafe/unsafe.proto +
      • + + +
    • + wellknownconfiguration/wellknown_configuration.proto + -
      • - - -
    • - policy/unsafe/unsafe.proto - -
      • - - -
    • - wellknownconfiguration/wellknown_configuration.proto -
        - -
      • - MGetWellKnownConfigurationRequest -
        • - -
      • - MGetWellKnownConfigurationResponse -
        • - -
      • - MWellKnownConfig -
        • - -
      • - MWellKnownConfig.ConfigurationEntry + MWellKnownConfig.ConfigurationEntry
        • @@ -2708,6 +2783,106 @@

        ConditionGroup

        +

        DynamicValueMapping

        +

        Dynamic Value Mapping: a Policy assigning permitted action(s) to

        dynamically-requested values under an Attribute Definition. It raises entitlement

        authority from a concrete Attribute Value to the Attribute Definition: at decision time

        the value_resolver compares the requested resource value segment against the entity

        representation, avoiding pre-provisioning a value + subject mapping per discrete value.

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        idstring

        attribute_definitionAttribute

        the Attribute Definition whose values are entitled dynamically

        value_resolverDynamicValueResolver

        the dynamic resolver matched against the requested resource value segment

        subject_condition_setSubjectConditionSet

        optional static pre-gate on the entity, evaluated with normal SubjectConditionSet +semantics (no dynamic overload). When present, both the gate and the resolver must +pass for entitlement.

        actionsActionrepeated

        the actions permitted by subjects in this mapping

        namespaceNamespace

        the namespace containing this mapping

        metadatacommon.Metadata

        + + + + + +

        DynamicValueResolver

        +

        Definition Value Resolver: the dynamic half of a DynamicValueMapping. It

        resolves a selector against the entity representation and compares the result to the

        requested resource value segment using a DynamicValueOperatorEnum.

        + + + + + + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        subject_external_selector_valuestring

        a selector for a field value on a flattened Entity Representation (such as from +idP/LDAP), e.g. ".patientAssignments[]"

        operatorDynamicValueOperatorEnum

        the dynamic operator comparing the selector result to the resource value segment

        + + + + +

        KasKey

        @@ -4201,6 +4376,37 @@

        ConditionBooleanTypeEnum

        +

        DynamicValueOperatorEnum

        +

        Operators for dynamic, definition-level value entitlement. Unlike

        SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into

        policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's

        attribute value segment, supplied at decision time. Each value is the inversion of its

        static SubjectMappingOperatorEnum counterpart.

        + + + + + + + + + + + + + + + + + + + + + + + + + +
        NameNumberDescription
        DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED0

        DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN1

        true when the requested resource value segment equals one of the values resolved by +the selector against the entity representation (inversion of IN)

        DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS2

        true when one of the selector-resolved entity values contains the requested resource +value segment as a substring (inversion of IN_CONTAINS)

        +

        KasPublicKeyAlgEnum

        @@ -9545,12 +9751,12 @@

        Methods with idempotency_level option

        -

        policy/kasregistry/key_access_server_registry.proto

        Top +

        policy/subjectmapping/subject_mapping.proto

        Top

        -

        ActivatePublicKeyRequest

        +

        CreateSubjectConditionSetRequest

        @@ -9561,32 +9767,22 @@

        ActivatePublicKeyRequest

        - + + + + + + + + - -
        idsubject_condition_setSubjectConditionSetCreate

        namespace_id string

        - - - - - -

        ActivatePublicKeyResponse

        -

        - - - - - - - - - - + + @@ -9598,8 +9794,8 @@

        ActivatePublicKeyResponse< -

        ChangeMappings

        -

        Simplified information about the resources that were rotated as part of the key rotation process.

        +

        CreateSubjectConditionSetResponse

        +

        FieldTypeLabelDescription
        keypolicy.Keynamespace_fqnstring

        @@ -9609,15 +9805,8 @@

        ChangeMappings

        - - - - - - - - - + + @@ -9629,7 +9818,7 @@

        ChangeMappings

        -

        CreateKeyAccessServerRequest

        +

        CreateSubjectMappingRequest

        @@ -9640,38 +9829,56 @@

        CreateKeyAccessServerRe

        - + - + - - + + + + + + + + + - + - - + + - + - + - + + + + + + + + - + @@ -9681,7 +9888,7 @@

        CreateKeyAccessServerRe -

        CreateKeyAccessServerResponse

        +

        CreateSubjectMappingResponse

        @@ -9692,8 +9899,8 @@

        CreateKeyAccessServerR

        - - + + @@ -9705,8 +9912,15 @@

        CreateKeyAccessServerR -

        CreateKeyRequest

        -

        Create a new asymmetric key for the specified Key Access Server (KAS)

        +

        DeleteAllUnmappedSubjectConditionSetsRequest

        +

        Prune any Subject Condition Sets not utilized within a Subject Mapping

        + + + + + +

        DeleteAllUnmappedSubjectConditionSetsResponse

        +

        idstring

        fqnstringsubject_condition_setpolicy.SubjectConditionSet

        uriattribute_value_id string

        Required

        Required +Attribute Value to be mapped to

        public_keypolicy.PublicKeyactionspolicy.Actionrepeated

        Required +The actions permitted by subjects in this mapping

        existing_subject_condition_set_idstring

        Deprecated

        Either of the following: +Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set)

        source_typepolicy.SourceTypenew_subject_condition_setSubjectConditionSetCreate

        Optional

        Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided)

        namenamespace_id string

        Optional

        Optional +Namespace ID or FQN for the subject mapping

        namespace_fqnstring
        metadata common.MetadataMutable

        Common metadata

        Optional

        key_access_serverpolicy.KeyAccessServersubject_mappingpolicy.SubjectMapping

        @@ -9716,84 +9930,34 @@

        CreateKeyRequest

        - - - - - - - - - - - - - - - - - - + + + + - - - - - +
        kas_idstring

        Required - -The unique identifier of the Key Access Server

        key_idstring

        Required - -A user-defined identifier for the key

        key_algorithmpolicy.Algorithm

        Required - -The algorithm to be used for the key

        		subject_condition_setspolicy.SubjectConditionSetrepeated

        Only IDs of any deleted Subject Condition Set provided

        key_modepolicy.KeyMode

        Required +

        -The mode of the key (e.g., local or external)

        - - - - public_key_ctx - policy.PublicKeyCtx - -

        Required + -Context or additional data specific to the public key, based on the key provider implementation

        - - - - private_key_ctx - policy.PrivateKeyCtx - -

        Conditionally Required + + +

        DeleteSubjectConditionSetRequest

        +

        -Context or additional data specific to the private key, based on the key provider implementation

        - + + + + + + - + - - - - - - - - - - - - - - - + @@ -9803,8 +9967,8 @@

        CreateKeyRequest

        -

        CreateKeyResponse

        -

        Response to a CreateKeyRequest, containing the created asymmetric key

        +

        DeleteSubjectConditionSetResponse

        +

        FieldTypeLabelDescription
        provider_config_idid string

        Optional - -Configuration ID for the key provider, if applicable

        legacybool

        Optional - -Whether the key is a legacy key

        metadatacommon.MetadataMutable

        Common metadata - -Mutable metadata for the key

        Required

        @@ -9814,10 +9978,10 @@

        CreateKeyResponse

        - - + + - + @@ -9827,7 +9991,7 @@

        CreateKeyResponse

        -

        CreatePublicKeyRequest

        +

        DeleteSubjectMappingRequest

        @@ -9838,26 +10002,12 @@

        CreatePublicKeyRequest

        - + - - - - - - - - - - - - - -
        kas_keypolicy.KasKeysubject_condition_setpolicy.SubjectConditionSet

        The created asymmetric key for a KAS.

        Only ID of deleted Subject Condition Set provided

        kas_idid string

        Required

        keypolicy.KasPublicKey

        Required

        metadatacommon.MetadataMutable

        Common metadata

        @@ -9865,7 +10015,7 @@

        CreatePublicKeyRequest

        -

        CreatePublicKeyResponse

        +

        DeleteSubjectMappingResponse

        @@ -9876,10 +10026,10 @@

        CreatePublicKeyResponse

        - key - policy.Key + subject_mapping + policy.SubjectMapping -

        +

        Only ID of the updated Subject Mapping provided

        @@ -9889,7 +10039,7 @@

        CreatePublicKeyResponse

        -

        DeactivatePublicKeyRequest

        +

        GetSubjectConditionSetRequest

        @@ -9903,7 +10053,7 @@

        DeactivatePublicKeyReques id string -

        +

        Required

        @@ -9913,7 +10063,7 @@

        DeactivatePublicKeyReques -

        DeactivatePublicKeyResponse

        +

        GetSubjectConditionSetResponse

        @@ -9924,12 +10074,19 @@

        DeactivatePublicKeyRespo - key - policy.Key + subject_condition_set + policy.SubjectConditionSet

        + + associated_subject_mappings + policy.SubjectMapping + repeated +

        contextualized Subject Mappings associated with this SubjectConditionSet

        + + @@ -9937,7 +10094,7 @@

        DeactivatePublicKeyRespo -

        DeleteKeyAccessServerRequest

        +

        GetSubjectMappingRequest

        @@ -9961,7 +10118,7 @@

        DeleteKeyAccessServerRe -

        DeleteKeyAccessServerResponse

        +

        GetSubjectMappingResponse

        @@ -9972,8 +10129,8 @@

        DeleteKeyAccessServerR - key_access_server - policy.KeyAccessServer + subject_mapping + policy.SubjectMapping

        @@ -9985,14 +10142,7 @@

        DeleteKeyAccessServerR -

        GetBaseKeyRequest

        -

        - - - - - -

        GetBaseKeyResponse

        +

        ListSubjectConditionSetsRequest

        @@ -10003,86 +10153,45 @@

        GetBaseKeyResponse

        - base_key - policy.SimpleKasKey + namespace_id + string -

        The current base key

        - - - - - - - - - -

        GetKeyAccessServerRequest

        -

        - - - - - - - - - - - - - + - + - + - - + + - + - - - - + + + +
        FieldTypeLabelDescription
        idstring

        Deprecated. Deprecated

        kas_idnamespace_fqn string

        option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field

        namestringpaginationpolicy.PageRequest

        Optional

        uristring

        		sortSubjectConditionSetsSortrepeated

        Optional - CONSTRAINT: max 1 item +Sort defaults: + - direction UNSPECIFIED defaults to DESC for the specified field + - field UNSPECIFIED defaults to created_at with the specified direction + - both UNSPECIFIED or sort omitted defaults to created_at DESC

        - - -

        Fields with deprecated option

        - - - - - - - - - - - - - - - -
        NameOption
        id

        true

        - - -

        GetKeyAccessServerResponse

        +

        ListSubjectConditionSetsResponse

        @@ -10093,8 +10202,15 @@

        GetKeyAccessServerRespons - key_access_server - policy.KeyAccessServer + subject_condition_sets + policy.SubjectConditionSet + repeated +

        + + + + pagination + policy.PageResponse

        @@ -10106,8 +10222,8 @@

        GetKeyAccessServerRespons -

        GetKeyRequest

        -

        Retrieve an existing asymmetric key from the Key Management System

        +

        ListSubjectMappingsRequest

        +

        @@ -10117,19 +10233,37 @@

        GetKeyRequest

        - + - + - - + + + + + + + + + + + + + + + +
        idnamespace_id string

        The unique identifier of the key to retrieve

        keyKasKeyIdentifiernamespace_fqnstring

        paginationpolicy.PageRequest

        Optional

        sortSubjectMappingsSortrepeated

        Optional - CONSTRAINT: max 1 item +Sort defaults: + - direction UNSPECIFIED defaults to DESC for the specified field + - field UNSPECIFIED defaults to created_at with the specified direction + - both UNSPECIFIED or sort omitted defaults to created_at DESC

        @@ -10137,8 +10271,8 @@

        GetKeyRequest

        -

        GetKeyResponse

        -

        Response to a GetKeyRequest, containing the requested asymmetric key

        +

        ListSubjectMappingsResponse

        +

        @@ -10148,10 +10282,17 @@

        GetKeyResponse

        - - + + + + + + + + + - + @@ -10161,8 +10302,8 @@

        GetKeyResponse

        -

        GetPublicKeyRequest

        -

        +

        MatchSubjectMappingsRequest

        +

        MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties.

        The SubjectMappings are returned if an external selector field matches.

        kas_keypolicy.KasKeysubject_mappingspolicy.SubjectMappingrepeated

        paginationpolicy.PageResponse

        The requested asymmetric key for a KAS.

        @@ -10172,9 +10313,9 @@

        GetPublicKeyRequest

        - - - + + + @@ -10185,7 +10326,7 @@

        GetPublicKeyRequest

        -

        GetPublicKeyResponse

        +

        MatchSubjectMappingsResponse

        @@ -10196,9 +10337,9 @@

        GetPublicKeyResponse

        - - - + + + @@ -10209,8 +10350,8 @@

        GetPublicKeyResponse

        -

        GrantedPolicyObject

        -

        Can be namespace, attribute definition, or value

        +

        SubjectConditionSetCreate

        +

        idstringsubject_propertiespolicy.SubjectPropertyrepeated

        keypolicy.Keysubject_mappingspolicy.SubjectMappingrepeated

        @@ -10220,17 +10361,18 @@

        GrantedPolicyObject

        - - - - + + + + - - + + - + @@ -10240,8 +10382,8 @@

        GrantedPolicyObject

        -

        KasKeyIdentifier

        -

        Nested message for specifying the active key using KAS ID and Key ID

        +

        SubjectConditionSetsSort

        +

        idstring

        		subject_setspolicy.SubjectSetrepeated

        Required

        fqnstringmetadatacommon.MetadataMutable

        Optional +Common metadata

        @@ -10251,33 +10393,19 @@

        KasKeyIdentifier

        - - - - - - - - - + + - - + + - - - - - - -
        kas_idstring

        namestringfieldSortSubjectConditionSetsType

        uristringdirectionpolicy.SortDirection

        kidstring

        Required Key ID of the key in question

        @@ -10285,7 +10413,7 @@

        KasKeyIdentifier

        -

        KasKeysSort

        +

        SubjectMappingsSort

        @@ -10297,7 +10425,7 @@

        KasKeysSort

        field - SortKasKeysType + SortSubjectMappingsType

        @@ -10316,8 +10444,8 @@

        KasKeysSort

        -

        KeyAccessServerGrants

        -

        Deprecated

        +

        UpdateSubjectConditionSetRequest

        +

        @@ -10327,30 +10455,31 @@

        KeyAccessServerGrants

        - - + + - + - - + + - + - - - - + + + + - - - + + + @@ -10361,7 +10490,7 @@

        KeyAccessServerGrants

        -

        KeyAccessServersSort

        +

        UpdateSubjectConditionSetResponse

        @@ -10372,17 +10501,10 @@

        KeyAccessServersSort

        - - - - - - - - - + + - + @@ -10392,7 +10514,7 @@

        KeyAccessServersSort

        -

        KeyMapping

        +

        UpdateSubjectMappingRequest

        @@ -10403,38 +10525,40 @@

        KeyMapping

        - + - + - + - + - - + + - + - - - - + + + + - - - - + + + + @@ -10444,8 +10568,8 @@

        KeyMapping

        -

        ListKeyAccessServerGrantsRequest

        -

        LIST of KAS Grants returns flat response of grants to all policy objects. It

        does not employ selectors for grants to specific policy objects or build the

        attribute tree relation. If grants to a known namespace, attribute, or value

        are needed, use the respective GET request to the specific policy object.

        +

        UpdateSubjectMappingResponse

        +

        key_access_serverpolicy.KeyAccessServeridstring

        Required

        namespace_grantsGrantedPolicyObjectsubject_setspolicy.SubjectSet repeated

        Optional +If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions

        attribute_grantsGrantedPolicyObjectrepeated

        		metadatacommon.MetadataMutable

        Common metadata

        value_grantsGrantedPolicyObjectrepeatedmetadata_update_behaviorcommon.MetadataUpdateEnum

        fieldSortKeyAccessServersType

        directionpolicy.SortDirectionsubject_condition_setpolicy.SubjectConditionSet

        Only ID of updated Subject Condition Set provided

        kidid string

        Required

        kas_urisubject_condition_set_id string

        Optional +Replaces the existing SubjectConditionSet id with a new one

        namespace_mappingsMappedPolicyObjectactionspolicy.Action repeated

        List of namespaces mapped to the key

        Optional +Replaces entire list of actions permitted by subjects

        attribute_mappingsMappedPolicyObjectrepeated

        List of attribute definitions mapped to the key

        		metadatacommon.MetadataMutable

        Common metadata

        value_mappingsMappedPolicyObjectrepeated

        List of attribute values mapped to the key

        		metadata_update_behaviorcommon.MetadataUpdateEnum
        @@ -10455,38 +10579,292 @@

        ListKeyAccessServer

        - + + + + + + + +
        kas_idsubject_mappingpolicy.SubjectMapping

        Only ID of the updated Subject Mapping provided

        + + + + + + + +

        SortSubjectConditionSetsType

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + +
        NameNumberDescription
        SORT_SUBJECT_CONDITION_SETS_TYPE_UNSPECIFIED0

        SORT_SUBJECT_CONDITION_SETS_TYPE_CREATED_AT1

        SORT_SUBJECT_CONDITION_SETS_TYPE_UPDATED_AT2

        + +

        SortSubjectMappingsType

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + +
        NameNumberDescription
        SORT_SUBJECT_MAPPINGS_TYPE_UNSPECIFIED0

        SORT_SUBJECT_MAPPINGS_TYPE_CREATED_AT1

        SORT_SUBJECT_MAPPINGS_TYPE_UPDATED_AT2

        + + + + + +

        SubjectMappingService

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameRequest TypeResponse TypeDescription
        MatchSubjectMappingsMatchSubjectMappingsRequestMatchSubjectMappingsResponse

        Find matching Subject Mappings for a given Subject

        ListSubjectMappingsListSubjectMappingsRequestListSubjectMappingsResponse

        GetSubjectMappingGetSubjectMappingRequestGetSubjectMappingResponse

        CreateSubjectMappingCreateSubjectMappingRequestCreateSubjectMappingResponse

        UpdateSubjectMappingUpdateSubjectMappingRequestUpdateSubjectMappingResponse

        DeleteSubjectMappingDeleteSubjectMappingRequestDeleteSubjectMappingResponse

        ListSubjectConditionSetsListSubjectConditionSetsRequestListSubjectConditionSetsResponse

        GetSubjectConditionSetGetSubjectConditionSetRequestGetSubjectConditionSetResponse

        CreateSubjectConditionSetCreateSubjectConditionSetRequestCreateSubjectConditionSetResponse

        UpdateSubjectConditionSetUpdateSubjectConditionSetRequestUpdateSubjectConditionSetResponse

        DeleteSubjectConditionSetDeleteSubjectConditionSetRequestDeleteSubjectConditionSetResponse

        DeleteAllUnmappedSubjectConditionSetsDeleteAllUnmappedSubjectConditionSetsRequestDeleteAllUnmappedSubjectConditionSetsResponse

        + + + + +

        Methods with idempotency_level option

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameOption
        ListSubjectMappings

        NO_SIDE_EFFECTS

        GetSubjectMapping

        NO_SIDE_EFFECTS

        ListSubjectConditionSets

        NO_SIDE_EFFECTS

        GetSubjectConditionSet

        NO_SIDE_EFFECTS

        + + + + +
        +

        policy/dynamicvaluemapping/dynamic_value_mapping.proto

        Top +
        +

        + + +

        CreateDynamicValueMappingRequest

        +

        + + + + + + + + + + - + - + - + - + + + + + + + + + + + + + + + - + - - + + + + + + + + + + + + + + + + + + + + + + + @@ -10498,8 +10876,8 @@

        ListKeyAccessServer -

        ListKeyAccessServerGrantsResponse

        -

        Deprecated

        +

        CreateDynamicValueMappingResponse

        +

        FieldTypeLabelDescription
        attribute_definition_id string

        Optional -Filter LIST by ID of a registered Key Access Server. -If neither is provided, grants from all registered KASs to policy attribute -objects are returned.

        kas_uriattribute_definition_fqn string

        Optional -Filter LIST by URI of a registered Key Access Server. -If none is provided, grants from all registered KASs to policy attribute -objects are returned.

        kas_namevalue_resolverpolicy.DynamicValueResolver

        Required: the dynamic resolver comparing entity selector result to the resource value segment

        actionspolicy.Actionrepeated

        Required: actions permitted on a matched value

        existing_subject_condition_set_id string

        Optional -Filter LIST by name of a registered Key Access Server. -If none are provided, grants from all registered KASs to policy attribute -objects are returned.

        Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ...

        paginationpolicy.PageRequestnew_subject_condition_setpolicy.subjectmapping.SubjectConditionSetCreate

        ... or create a new one (ignored if existing_subject_condition_set_id is provided)

        namespace_idstring

        Optional: namespace ID or FQN for the mapping

        namespace_fqnstring

        metadatacommon.MetadataMutable

        Optional

        @@ -10509,15 +10887,8 @@

        ListKeyAccessServe

        - - - - - - - - - + + @@ -10526,31 +10897,58 @@

        ListKeyAccessServe

        grantsKeyAccessServerGrantsrepeated

        Deprecated.

        paginationpolicy.PageResponsedynamic_value_mappingpolicy.DynamicValueMapping

        - - -

        Fields with deprecated option

        - - + + + +

        DeleteDynamicValueMappingRequest

        +

        + + +
        + + + + + - - + + + + - - + + +
        FieldTypeLabelDescription
        NameOptionidstring

        Required

        + + + + + +

        DeleteDynamicValueMappingResponse

        +

        + + + + + + + - - + + + + - -
        FieldTypeLabelDescription
        grants

        true

        		dynamic_value_mappingpolicy.DynamicValueMapping

        Only ID of the deleted mapping provided

        - + + + -

        ListKeyAccessServersRequest

        +

        DynamicValueMappingsSort

        @@ -10561,21 +10959,17 @@

        ListKeyAccessServersRequ - pagination - policy.PageRequest + field + SortDynamicValueMappingsType -

        Optional

        +

        - sort - KeyAccessServersSort - repeated -

        Optional - CONSTRAINT: max 1 item -Sort defaults: - - direction UNSPECIFIED defaults to DESC for the specified field - - field UNSPECIFIED defaults to created_at with the specified direction - - both UNSPECIFIED or sort omitted defaults to created_at DESC

        + direction + policy.SortDirection + +

        @@ -10585,7 +10979,7 @@

        ListKeyAccessServersRequ -

        ListKeyAccessServersResponse

        +

        GetDynamicValueMappingRequest

        @@ -10596,15 +10990,32 @@

        ListKeyAccessServersRes - key_access_servers - policy.KeyAccessServer - repeated -

        + id + string + +

        Required

        + + + + + + + +

        GetDynamicValueMappingResponse

        +

        + + + + + + + + - - + + @@ -10616,7 +11027,7 @@

        ListKeyAccessServersRes -

        ListKeyMappingsRequest

        +

        ListDynamicValueMappingsRequest

        @@ -10627,15 +11038,16 @@

        ListKeyMappingsRequest

        - + - + - - + + @@ -10644,7 +11056,14 @@

        ListKeyMappingsRequest

        - + + + + + + + + @@ -10654,7 +11073,7 @@

        ListKeyMappingsRequest

        -

        ListKeyMappingsResponse

        +

        ListDynamicValueMappingsResponse

        @@ -10665,17 +11084,17 @@

        ListKeyMappingsResponse

        - - + + - + - + @@ -10685,8 +11104,8 @@

        ListKeyMappingsResponse

        -

        ListKeysRequest

        -

        List all asymmetric keys managed by a specific Key Access Server or with a given algorithm

        +

        UpdateDynamicValueMappingRequest

        +

        FieldTypeLabelDescription
        paginationpolicy.PageResponsedynamic_value_mappingpolicy.DynamicValueMapping

        idnamespace_id string

        The unique identifier of the key to retrieve

        Optional +Namespace ID, or Attribute Definition ID to filter by

        keyKasKeyIdentifierattribute_definition_idstring

        pagination policy.PageRequest

        Pagination request for the list of keys

        Optional

        sortDynamicValueMappingsSortrepeated

        Optional - CONSTRAINT: max 1 item

        key_mappingsKeyMappingdynamic_value_mappingspolicy.DynamicValueMapping repeated

        The list of key mappings

        pagination policy.PageResponse

        Pagination response for the list of keys

        @@ -10696,60 +11115,45 @@

        ListKeysRequest

        - - - - - - - - + - + - - + + - + - + - + - - - - + + + + - - + + - + - - - - + + + + @@ -10759,8 +11163,8 @@

        ListKeysRequest

        -

        ListKeysResponse

        -

        Response to a ListKeysRequest, containing the list of asymmetric keys and pagination information

        +

        UpdateDynamicValueMappingResponse

        +

        key_algorithmpolicy.Algorithm

        Filter keys by algorithm

        kas_idid string

        Filter keys by the KAS ID

        Required

        kas_namestringvalue_resolverpolicy.DynamicValueResolver

        Filter keys by the KAS name

        Optional: replace the dynamic resolver

        kas_urisubject_condition_set_id string

        Filter keys by the KAS URI

        Optional: replace the static pre-gate SubjectConditionSet by id

        legacybooloptional

        Optional - -Filter for legacy keys

        		actionspolicy.Actionrepeated

        Optional: replace the entire list of actions

        paginationpolicy.PageRequestmetadatacommon.MetadataMutable

        Optional - -Pagination request for the list of keys

        Common metadata

        sortKasKeysSortrepeated

        Optional - CONSTRAINT: max 1 item -Sort defaults: - - direction UNSPECIFIED defaults to DESC for the specified field - - field UNSPECIFIED defaults to created_at with the specified direction - - both UNSPECIFIED or sort omitted defaults to created_at DESC

        		metadata_update_behaviorcommon.MetadataUpdateEnum
        @@ -10770,17 +11174,10 @@

        ListKeysResponse

        - - - - - - - - - + + - + @@ -10790,49 +11187,137 @@

        ListKeysResponse

        -

        ListPublicKeyMappingRequest

        + + +

        SortDynamicValueMappingsType

        +

        +
        kas_keyspolicy.KasKeyrepeated

        The list of kas keys

        paginationpolicy.PageResponsedynamic_value_mappingpolicy.DynamicValueMapping

        Pagination response for the list of keys

        + + + + + + + + + + + + + + + + + + + + + + + + +
        NameNumberDescription
        SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED0

        SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT1

        SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT2

        + + + + + +

        DynamicValueMappingService

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameRequest TypeResponse TypeDescription
        ListDynamicValueMappingsListDynamicValueMappingsRequestListDynamicValueMappingsResponse

        GetDynamicValueMappingGetDynamicValueMappingRequestGetDynamicValueMappingResponse

        CreateDynamicValueMappingCreateDynamicValueMappingRequestCreateDynamicValueMappingResponse

        UpdateDynamicValueMappingUpdateDynamicValueMappingRequestUpdateDynamicValueMappingResponse

        DeleteDynamicValueMappingDeleteDynamicValueMappingRequestDeleteDynamicValueMappingResponse

        - + + +

        Methods with idempotency_level option

        +
        - + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        Method NameOption
        ListDynamicValueMappings

        NO_SIDE_EFFECTS

        GetDynamicValueMapping

        NO_SIDE_EFFECTS

        + + + + +
        +

        policy/kasregistry/key_access_server_registry.proto

        Top +
        +

        + + +

        ActivatePublicKeyRequest

        +

        + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + @@ -10842,7 +11327,7 @@

        ListPublicKeyMappingRequ -

        ListPublicKeyMappingResponse

        +

        ActivatePublicKeyResponse

        @@ -10853,15 +11338,8 @@

        ListPublicKeyMappingRes

        - - - - - - - - - + + @@ -10873,8 +11351,8 @@

        ListPublicKeyMappingRes -

        ListPublicKeyMappingResponse.Association

        -

        +

        ChangeMappings

        +

        Simplified information about the resources that were rotated as part of the key rotation process.

        FieldTypeLabelDescription
        kas_idstring

        Optional

        kas_namestring

        Optional

        kas_uristring

        Optional

        public_key_idstring

        Optional Public Key ID

        paginationpolicy.PageRequestidstring

        Optional

        public_key_mappingsListPublicKeyMappingResponse.PublicKeyMappingrepeated

        paginationpolicy.PageResponsekeypolicy.Key

        @@ -10904,7 +11382,7 @@

        ListPublicK -

        ListPublicKeyMappingResponse.PublicKey

        +

        CreateKeyAccessServerRequest

        @@ -10915,31 +11393,38 @@

        ListPublicKey

        - - + + - + - - - - + + + + - - - - + + + + - - - - + + + + + + + + + + + @@ -10949,7 +11434,7 @@

        ListPublicKey -

        ListPublicKeyMappingResponse.PublicKeyMapping

        +

        CreateKeyAccessServerResponse

        @@ -10960,33 +11445,12 @@

        ListPu

        - - - - - - - - - - - - - - - - + + - - - - - - -
        keypolicy.Keyuristring

        Required

        valuesListPublicKeyMappingResponse.Associationrepeated

        		public_keypolicy.PublicKey

        Deprecated

        definitionsListPublicKeyMappingResponse.Associationrepeated

        		source_typepolicy.SourceType

        Optional

        namespacesListPublicKeyMappingResponse.Associationrepeated

        		namestring

        Optional

        metadatacommon.MetadataMutable

        Common metadata

        kas_idstring

        kas_namestring

        kas_uristringkey_access_serverpolicy.KeyAccessServer

        public_keysListPublicKeyMappingResponse.PublicKeyrepeated
        @@ -10994,8 +11458,8 @@

        ListPu -

        ListPublicKeysRequest

        -

        +

        CreateKeyRequest

        +

        Create a new asymmetric key for the specified Key Access Server (KAS)

        @@ -11008,90 +11472,81 @@

        ListPublicKeysRequest

        - + - + - + - - + + - + - - + + - - - - -
        kas_id string

        Optional

        Required + +The unique identifier of the Key Access Server

        kas_namekey_id string

        Optional

        Required + +A user-defined identifier for the key

        kas_uristringkey_algorithmpolicy.Algorithm

        Optional

        Required + +The algorithm to be used for the key

        paginationpolicy.PageRequestkey_modepolicy.KeyMode

        Optional

        - - - - - -

        ListPublicKeysResponse

        -

        +

        Required - - - - - - +The mode of the key (e.g., local or external)

        + - - - - + + + + - - + + - + - -
        FieldTypeLabelDescription
        keyspolicy.Keyrepeated

        		public_key_ctxpolicy.PublicKeyCtx

        Required + +Context or additional data specific to the public key, based on the key provider implementation

        paginationpolicy.PageResponseprivate_key_ctxpolicy.PrivateKeyCtx

        Conditionally Required + +Context or additional data specific to the private key, based on the key provider implementation

        - - - - - -

        MappedPolicyObject

        -

        + + provider_config_id + string + +

        Optional - - - - - - +Configuration ID for the key provider, if applicable

        + - - + + - + - - + + - + @@ -11101,8 +11556,8 @@

        MappedPolicyObject

        -

        RotateKeyRequest

        -

        +

        CreateKeyResponse

        +

        Response to a CreateKeyRequest, containing the created asymmetric key

        FieldTypeLabelDescription
        idstringlegacybool

        The unique identifier of the policy object

        Optional + +Whether the key is a legacy key

        fqnstringmetadatacommon.MetadataMutable

        The fully qualified name of the policy object

        Common metadata + +Mutable metadata for the key

        @@ -11112,24 +11567,10 @@

        RotateKeyRequest

        - - - - - - - - - - - - - - - - + + - + @@ -11139,8 +11580,8 @@

        RotateKeyRequest

        -

        RotateKeyRequest.NewKey

        -

        Nested message for specifying the new key details

        +

        CreatePublicKeyRequest

        +

        idstring

        Current Active Key UUID

        keyKasKeyIdentifier

        Alternative way to specify the active key using KAS ID and Key ID

        new_keyRotateKeyRequest.NewKeykas_keypolicy.KasKey

        Information about the new key to be rotated in

        The created asymmetric key for a KAS.

        @@ -11150,54 +11591,24 @@

        RotateKeyRequest.NewKey

        - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + - + @@ -11207,8 +11618,8 @@

        RotateKeyRequest.NewKey

        -

        RotateKeyResponse

        -

        Response message for the RotateKey request

        +

        CreatePublicKeyResponse

        +

        key_idkas_id string

        Required

        algorithmpolicy.Algorithm

        Required

        key_modepolicy.KeyMode

        Required

        public_key_ctxpolicy.PublicKeyCtx

        Required

        private_key_ctxpolicy.PrivateKeyCtx

        Required

        provider_config_idstringkeypolicy.KasPublicKey

        Conditionally Required. - -Validation handled by message-level CEL

        Required

        metadata common.MetadataMutable

        Common metadata fields

        Common metadata

        @@ -11218,17 +11629,10 @@

        RotateKeyResponse

        - - - - - - - - - + + - + @@ -11238,8 +11642,8 @@

        RotateKeyResponse

        -

        RotatedResources

        -

        All resources that were rotated as part of the key rotation process

        +

        DeactivatePublicKeyRequest

        +

        kas_keypolicy.KasKey

        The newly rotated Kas Key

        rotated_resourcesRotatedResourceskeypolicy.Key

        All resources that were rotated as part of the key rotation process

        @@ -11249,30 +11653,33 @@

        RotatedResources

        - - + + - - - - - - - - - - - - - + +
        rotated_out_keypolicy.KasKeyidstring

        The old key that was rotated out

        attribute_definition_mappingsChangeMappingsrepeated

        attribute_value_mappingsChangeMappingsrepeated

        + + + + + +

        DeactivatePublicKeyResponse

        +

        + + + + + + + - - - + + + @@ -11283,8 +11690,8 @@

        RotatedResources

        -

        SetBaseKeyRequest

        -

        Sets the specified key as the base key for the Key Access Server

        Note: The key must be active.

        +

        DeleteKeyAccessServerRequest

        +

        FieldTypeLabelDescription
        namespace_mappingsChangeMappingsrepeatedkeypolicy.Key

        @@ -11297,14 +11704,7 @@

        SetBaseKeyRequest

        - - - - - - - - + @@ -11314,7 +11714,7 @@

        SetBaseKeyRequest

        -

        SetBaseKeyResponse

        +

        DeleteKeyAccessServerResponse

        @@ -11325,17 +11725,41 @@

        SetBaseKeyResponse

        - - + + - + + +
        id string

        Current Key UUID tp be set as default

        keyKasKeyIdentifier

        Alternative way to specify the key using KAS ID and Key ID

        Required

        new_base_keypolicy.SimpleKasKeykey_access_serverpolicy.KeyAccessServer

        The key that was set as base

        + + + + + +

        GetBaseKeyRequest

        +

        + + + + + +

        GetBaseKeyResponse

        +

        + + + + + + + + - + - + @@ -11345,7 +11769,7 @@

        SetBaseKeyResponse

        -

        UpdateKeyAccessServerRequest

        +

        GetKeyAccessServerRequest

        @@ -11359,53 +11783,102 @@

        UpdateKeyAccessServerRe

        - + - + - + - - + + - + - - + + - + + + + +
        FieldTypeLabelDescription
        previous_base_keybase_key policy.SimpleKasKey

        The previous base key, if any

        The current base key

        id string

        Required

        Deprecated. Deprecated

        urikas_id string

        Optional

        option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field

        public_keypolicy.PublicKeynamestring

        Deprecated -Optional

        source_typepolicy.SourceTypeuristring

        Optional -Using UNSPECIFIED will result in a successful update, -but will not actually update the underlying source. -You should not update KAS's from INTERNAL/EXTERNAL -to unspecified.

        + + + + +

        Fields with deprecated option

        + + + + + + + - - + + + + + +
        NameOption
        namestringid

        true

        + + + + + +

        GetKeyAccessServerResponse

        +

        + + + + + + + + + + + - + + +
        FieldTypeLabelDescription
        key_access_serverpolicy.KeyAccessServer

        Optional

        + + + + + +

        GetKeyRequest

        +

        Retrieve an existing asymmetric key from the Key Management System

        + + + + + + + + - - + + - + - - + + @@ -11417,8 +11890,8 @@

        UpdateKeyAccessServerRe -

        UpdateKeyAccessServerResponse

        -

        +

        GetKeyResponse

        +

        Response to a GetKeyRequest, containing the requested asymmetric key

        FieldTypeLabelDescription
        metadatacommon.MetadataMutableidstring

        Optional -Common metadata

        The unique identifier of the key to retrieve

        metadata_update_behaviorcommon.MetadataUpdateEnumkeyKasKeyIdentifier

        @@ -11428,10 +11901,10 @@

        UpdateKeyAccessServerR

        - - + + - + @@ -11441,8 +11914,8 @@

        UpdateKeyAccessServerR -

        UpdateKeyRequest

        -

        Update an existing asymmetric key in the Key Management System

        +

        GetPublicKeyRequest

        +

        key_access_serverpolicy.KeyAccessServerkas_keypolicy.KasKey

        The requested asymmetric key for a KAS.

        @@ -11455,26 +11928,31 @@

        UpdateKeyRequest

        - + - - - - - +
        id string

        Required - -The unique identifier of the key to update

        metadatacommon.MetadataMutable

        Optional -Common metadata +

        -Mutable metadata for the key

        - + + + + +

        GetPublicKeyResponse

        +

        + + + + + + + - - + + - + @@ -11484,8 +11962,8 @@

        UpdateKeyRequest

        -

        UpdateKeyResponse

        -

        Response to an UpdateKeyRequest, containing the updated asymmetric key

        +

        GrantedPolicyObject

        +

        Can be namespace, attribute definition, or value

        FieldTypeLabelDescription
        metadata_update_behaviorcommon.MetadataUpdateEnumkeypolicy.Key

        The behavior for updating the metadata

        @@ -11495,10 +11973,17 @@

        UpdateKeyResponse

        - - + + - + + + + + + + + @@ -11508,8 +11993,8 @@

        UpdateKeyResponse

        -

        UpdatePublicKeyRequest

        -

        +

        KasKeyIdentifier

        +

        Nested message for specifying the active key using KAS ID and Key ID

        kas_keypolicy.KasKeyidstring

        The updated kas key

        fqnstring
        @@ -11519,27 +12004,33 @@

        UpdatePublicKeyRequest

        - + - + - - + + - + - - + + + + + + + + +
        idkas_id string

        Required

        metadatacommon.MetadataMutablenamestring

        Optional -Common metadata

        metadata_update_behaviorcommon.MetadataUpdateEnumuristring

        kidstring

        Required Key ID of the key in question

        @@ -11547,7 +12038,7 @@

        UpdatePublicKeyRequest

        -

        UpdatePublicKeyResponse

        +

        KasKeysSort

        @@ -11558,274 +12049,156 @@

        UpdatePublicKeyResponse

        - key - policy.Key + field + SortKasKeysType + +

        + + + + direction + policy.SortDirection

        - - - - - - - - -

        SortKasKeysType

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        NameNumberDescription
        SORT_KAS_KEYS_TYPE_UNSPECIFIED0

        SORT_KAS_KEYS_TYPE_KEY_ID1

        SORT_KAS_KEYS_TYPE_CREATED_AT2

        SORT_KAS_KEYS_TYPE_UPDATED_AT3

        - -

        SortKeyAccessServersType

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        NameNumberDescription
        SORT_KEY_ACCESS_SERVERS_TYPE_UNSPECIFIED0

        SORT_KEY_ACCESS_SERVERS_TYPE_NAME1

        SORT_KEY_ACCESS_SERVERS_TYPE_URI2

        SORT_KEY_ACCESS_SERVERS_TYPE_CREATED_AT3

        SORT_KEY_ACCESS_SERVERS_TYPE_UPDATED_AT4

        - - - - - -

        KeyAccessServerRegistryService

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Method NameRequest TypeResponse TypeDescription
        ListKeyAccessServersListKeyAccessServersRequestListKeyAccessServersResponse

        GetKeyAccessServerGetKeyAccessServerRequestGetKeyAccessServerResponse

        CreateKeyAccessServerCreateKeyAccessServerRequestCreateKeyAccessServerResponse

        UpdateKeyAccessServerUpdateKeyAccessServerRequestUpdateKeyAccessServerResponse

        DeleteKeyAccessServerDeleteKeyAccessServerRequestDeleteKeyAccessServerResponse

        ListKeyAccessServerGrantsListKeyAccessServerGrantsRequestListKeyAccessServerGrantsResponse

        Deprecated

        CreateKeyCreateKeyRequestCreateKeyResponse

        KAS Key Management -Request to create a new key in the Key Access Service.

        GetKeyGetKeyRequestGetKeyResponse

        Request to retrieve a key from the Key Access Service.

        ListKeysListKeysRequestListKeysResponse

        Request to list keys in the Key Access Service.

        UpdateKeyUpdateKeyRequestUpdateKeyResponse

        Request to update a key in the Key Access Service.

        RotateKeyRotateKeyRequestRotateKeyResponse

        Request to rotate a key in the Key Access Service.

        SetBaseKeySetBaseKeyRequestSetBaseKeyResponse

        Request to set the default a default kas key.

        GetBaseKeyGetBaseKeyRequestGetBaseKeyResponse

        Get Default kas keys

        ListKeyMappingsListKeyMappingsRequestListKeyMappingsResponse

        Request to list key mappings in the Key Access Service.

        + - - -

        Methods with deprecated option

        - + + + +

        KeyAccessServerGrants

        +

        Deprecated

        + + +
        - - - - + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameOption
        FieldTypeLabelDescription
        ListKeyAccessServerGrants

        true

        key_access_serverpolicy.KeyAccessServer

        namespace_grantsGrantedPolicyObjectrepeated

        attribute_grantsGrantedPolicyObjectrepeated

        value_grantsGrantedPolicyObjectrepeated
        + + - - -

        Methods with idempotency_level option

        - + +

        KeyAccessServersSort

        +

        + + +
        - - - - + - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + +
        Method NameOption
        FieldTypeLabelDescription
        ListKeyAccessServers

        NO_SIDE_EFFECTS

        GetKeyAccessServer

        NO_SIDE_EFFECTS

        ListKeyAccessServerGrants

        NO_SIDE_EFFECTS

        fieldSortKeyAccessServersType

        directionpolicy.SortDirection
        + + - -
        -

        policy/keymanagement/key_management.proto

        Top -
        -

        +

        KeyMapping

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        kidstring

        kas_uristring

        namespace_mappingsMappedPolicyObjectrepeated

        List of namespaces mapped to the key

        attribute_mappingsMappedPolicyObjectrepeated

        List of attribute definitions mapped to the key

        value_mappingsMappedPolicyObjectrepeated

        List of attribute values mapped to the key

        + + + -

        CreateProviderConfigRequest

        -

        Provider Configuration Requests and Response Messages

        +

        ListKeyAccessServerGrantsRequest

        +

        LIST of KAS Grants returns flat response of grants to all policy objects. It

        does not employ selectors for grants to specific policy objects or build the

        attribute tree relation. If grants to a known namespace, attribute, or value

        are needed, use the respective GET request to the specific policy object.

        @@ -11835,34 +12208,40 @@

        CreateProviderConfigRe

        - + - + - - + + - + - + - + - - + + - + @@ -11872,8 +12251,8 @@

        CreateProviderConfigRe -

        CreateProviderConfigResponse

        -

        +

        ListKeyAccessServerGrantsResponse

        +

        Deprecated

        namekas_id string

        Required -The name of the key provider. (e.g. "AWS KMS Instance 1", "Google Cloud KMS Instance 2")

        Optional +Filter LIST by ID of a registered Key Access Server. +If neither is provided, grants from all registered KASs to policy attribute +objects are returned.

        config_jsonbyteskas_uristring

        Required -JSON configuration for the key provider. This is unique to individual key providers.

        Optional +Filter LIST by URI of a registered Key Access Server. +If none is provided, grants from all registered KASs to policy attribute +objects are returned.

        managerkas_name string

        Required -The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic")

        Optional +Filter LIST by name of a registered Key Access Server. +If none are provided, grants from all registered KASs to policy attribute +objects are returned.

        metadatacommon.MetadataMutablepaginationpolicy.PageRequest

        Common metadata

        Optional

        @@ -11883,8 +12262,15 @@

        CreateProviderConfigR

        - - + + + + + + + + + @@ -11893,11 +12279,32 @@

        CreateProviderConfigR

        provider_configpolicy.KeyProviderConfiggrantsKeyAccessServerGrantsrepeated

        Deprecated.

        paginationpolicy.PageResponse

        + + +

        Fields with deprecated option

        + + + + + + + + + + + + + + + +
        NameOption
        grants

        true

        + + -

        DeleteProviderConfigRequest

        -

        In order to delete a provider configuration you must first delete all keys associated with the provider.

        +

        ListKeyAccessServersRequest

        +

        @@ -11907,10 +12314,21 @@

        DeleteProviderConfigRe

        - - + + - + + + + + + + + @@ -11920,7 +12338,7 @@

        DeleteProviderConfigRe -

        DeleteProviderConfigResponse

        +

        ListKeyAccessServersResponse

        @@ -11931,8 +12349,15 @@

        DeleteProviderConfigR

        - - + + + + + + + + + @@ -11944,7 +12369,7 @@

        DeleteProviderConfigR -

        GetProviderConfigRequest

        +

        ListKeyMappingsRequest

        @@ -11958,21 +12383,21 @@

        GetProviderConfigRequest<

        - + - - + + - - + + - + @@ -11982,7 +12407,7 @@

        GetProviderConfigRequest< -

        GetProviderConfigResponse

        +

        ListKeyMappingsResponse

        @@ -11993,10 +12418,17 @@

        GetProviderConfigRespons

        - - + + + + + + + + + - + @@ -12006,8 +12438,8 @@

        GetProviderConfigRespons -

        ListProviderConfigsRequest

        -

        +

        ListKeysRequest

        +

        List all asymmetric keys managed by a specific Key Access Server or with a given algorithm

        idstringpaginationpolicy.PageRequest

        Required

        Optional

        sortKeyAccessServersSortrepeated

        Optional - CONSTRAINT: max 1 item +Sort defaults: + - direction UNSPECIFIED defaults to DESC for the specified field + - field UNSPECIFIED defaults to created_at with the specified direction + - both UNSPECIFIED or sort omitted defaults to created_at DESC

        provider_configpolicy.KeyProviderConfigkey_access_serverspolicy.KeyAccessServerrepeated

        paginationpolicy.PageResponse

        id string

        The unique identifier of the key to retrieve

        namestringkeyKasKeyIdentifier

        managerstringpaginationpolicy.PageRequest

        Optional - filter by manager type when searching by name

        Pagination request for the list of keys

        provider_configpolicy.KeyProviderConfigkey_mappingsKeyMappingrepeated

        The list of key mappings

        paginationpolicy.PageResponse

        Pagination response for the list of keys

        @@ -12016,11 +12448,61 @@

        ListProviderConfigsRequ

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + @@ -12030,8 +12512,8 @@

        ListProviderConfigsRequ -

        ListProviderConfigsResponse

        -

        +

        ListKeysResponse

        +

        Response to a ListKeysRequest, containing the list of asymmetric keys and pagination information

        key_algorithmpolicy.Algorithm

        Filter keys by algorithm

        kas_idstring

        Filter keys by the KAS ID

        kas_namestring

        Filter keys by the KAS name

        kas_uristring

        Filter keys by the KAS URI

        legacybooloptional

        Optional + +Filter for legacy keys

        pagination policy.PageRequest

        Optional

        Optional + +Pagination request for the list of keys

        sortKasKeysSortrepeated

        Optional - CONSTRAINT: max 1 item +Sort defaults: + - direction UNSPECIFIED defaults to DESC for the specified field + - field UNSPECIFIED defaults to created_at with the specified direction + - both UNSPECIFIED or sort omitted defaults to created_at DESC

        @@ -12041,17 +12523,17 @@

        ListProviderConfigsRes

        - - + + - + - + @@ -12061,7 +12543,7 @@

        ListProviderConfigsRes -

        UpdateProviderConfigRequest

        +

        ListPublicKeyMappingRequest

        @@ -12072,46 +12554,38 @@

        UpdateProviderConfigRe

        - - - - - - - - + - - + + - + - - + + - + - - + + - + @@ -12121,7 +12595,7 @@

        UpdateProviderConfigRe -

        UpdateProviderConfigResponse

        +

        ListPublicKeyMappingResponse

        @@ -12132,8 +12606,15 @@

        UpdateProviderConfigR

        - - + + + + + + + + + @@ -12145,70 +12626,8 @@

        UpdateProviderConfigR - - - - - - -

        KeyManagementService

        +

        ListPublicKeyMappingResponse.Association

        -
        provider_configspolicy.KeyProviderConfigkas_keyspolicy.KasKey repeated

        The list of kas keys

        pagination policy.PageResponse

        Pagination response for the list of keys

        idstring

        Required

        namekas_id string

        Optional

        config_jsonbyteskas_namestring

        Optional

        managerkas_uri string

        Optional

        metadatacommon.MetadataMutablepublic_key_idstring

        Optional -Common metadata

        Optional Public Key ID

        metadata_update_behaviorcommon.MetadataUpdateEnumpaginationpolicy.PageRequest

        Optional

        provider_configpolicy.KeyProviderConfigpublic_key_mappingsListPublicKeyMappingResponse.PublicKeyMappingrepeated

        paginationpolicy.PageResponse

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Method NameRequest TypeResponse TypeDescription
        CreateProviderConfigCreateProviderConfigRequestCreateProviderConfigResponse

        Key Management -Provider Management

        GetProviderConfigGetProviderConfigRequestGetProviderConfigResponse

        ListProviderConfigsListProviderConfigsRequestListProviderConfigsResponse

        UpdateProviderConfigUpdateProviderConfigRequestUpdateProviderConfigResponse

        DeleteProviderConfigDeleteProviderConfigRequestDeleteProviderConfigResponse

        - - - - -
        -

        policy/namespaces/namespaces.proto

        Top -
        -

        - - -

        AssignKeyAccessServerToNamespaceRequest

        -

        Deprecated: utilize AssignPublicKeyToNamespaceRequest

        @@ -12218,8 +12637,15 @@

        AssignKeyAcce

        - - + + + + + + + + + @@ -12231,7 +12657,7 @@

        AssignKeyAcce -

        AssignKeyAccessServerToNamespaceResponse

        +

        ListPublicKeyMappingResponse.PublicKey

        @@ -12242,33 +12668,30 @@

        AssignKeyAcc

        - - + + - -
        namespace_key_access_serverNamespaceKeyAccessServeridstring

        fqnstring

        namespace_key_access_serverNamespaceKeyAccessServerkeypolicy.Key

        - - - - - -

        AssignPublicKeyToNamespaceRequest

        -

        Assign Key to Namespace

        - - - - - - - + + + + + + + + + + + + + - - - + + + @@ -12279,7 +12702,7 @@

        AssignPublicKeyToNa -

        AssignPublicKeyToNamespaceResponse

        +

        ListPublicKeyMappingResponse.PublicKeyMapping

        @@ -12290,12 +12713,33 @@

        AssignPublicKeyToN

        - - + + + + + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        valuesListPublicKeyMappingResponse.Associationrepeated

        definitionsListPublicKeyMappingResponse.Associationrepeated

        namespace_keyNamespaceKeynamespacesListPublicKeyMappingResponse.Associationrepeated

        namespace_keyNamespaceKeykas_idstring

        kas_namestring

        kas_uristring

        public_keysListPublicKeyMappingResponse.PublicKeyrepeated
        @@ -12303,7 +12747,7 @@

        AssignPublicKeyToN -

        CreateNamespaceRequest

        +

        ListPublicKeysRequest

        @@ -12314,15 +12758,29 @@

        CreateNamespaceRequest

        - name + kas_id string -

        Required

        +

        Optional

        - metadata - common.MetadataMutable + kas_name + string + +

        Optional

        + + + + kas_uri + string + +

        Optional

        + + + + pagination + policy.PageRequest

        Optional

        @@ -12334,7 +12792,7 @@

        CreateNamespaceRequest

        -

        CreateNamespaceResponse

        +

        ListPublicKeysResponse

        @@ -12345,8 +12803,15 @@

        CreateNamespaceResponse

        - namespace - policy.Namespace + keys + policy.Key + repeated +

        + + + + pagination + policy.PageResponse

        @@ -12358,7 +12823,7 @@

        CreateNamespaceResponse

        -

        DeactivateNamespaceRequest

        +

        MappedPolicyObject

        @@ -12372,7 +12837,14 @@

        DeactivateNamespaceRequest id string -

        Required

        +

        The unique identifier of the policy object

        + + + + fqn + string + +

        The fully qualified name of the policy object

        @@ -12382,14 +12854,7 @@

        DeactivateNamespaceRequest -

        DeactivateNamespaceResponse

        -

        - - - - - -

        GetNamespaceRequest

        +

        RotateKeyRequest

        @@ -12403,53 +12868,32 @@

        GetNamespaceRequest

        id string -

        Deprecated. Deprecated

        +

        Current Active Key UUID

        - namespace_id - string + key + KasKeyIdentifier -

        option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field

        +

        Alternative way to specify the active key using KAS ID and Key ID

        - fqn - string + new_key + RotateKeyRequest.NewKey -

        +

        Information about the new key to be rotated in

        - - -

        Fields with deprecated option

        - - - - - - - - - - - - - - - -
        NameOption
        id

        true

        - - -

        GetNamespaceResponse

        -

        +

        RotateKeyRequest.NewKey

        +

        Nested message for specifying the new key details

        @@ -12459,53 +12903,54 @@

        GetNamespaceResponse

        - - + + - + - -
        namespacepolicy.Namespacekey_idstring

        Required

        - - - - - -

        ListNamespacesRequest

        -

        - - - - - - - + + + + + + - - + + - + - - + + - + - - - - + + + + + + + + + + + + + + + + + + @@ -12515,8 +12960,8 @@

        ListNamespacesRequest

        -

        ListNamespacesResponse

        -

        +

        RotateKeyResponse

        +

        Response message for the RotateKey request

        FieldTypeLabelDescription
        algorithmpolicy.Algorithm

        Required

        statecommon.ActiveStateEnumkey_modepolicy.KeyMode

        Optional -ACTIVE by default when not specified

        Required

        paginationpolicy.PageRequestpublic_key_ctxpolicy.PublicKeyCtx

        Optional

        Required

        sortNamespacesSortrepeated

        Optional - CONSTRAINT: max 1 item -Sort defaults: - - direction UNSPECIFIED defaults to DESC for the specified field - - field UNSPECIFIED defaults to created_at with the specified direction - - both UNSPECIFIED or sort omitted defaults to created_at DESC

        		private_key_ctxpolicy.PrivateKeyCtx

        Required

        provider_config_idstring

        Conditionally Required. + +Validation handled by message-level CEL

        metadatacommon.MetadataMutable

        Common metadata fields

        @@ -12526,17 +12971,17 @@

        ListNamespacesResponse

        - - - - + + + + - - + + - + @@ -12546,8 +12991,8 @@

        ListNamespacesResponse

        -

        NamespaceKey

        -

        +

        RotatedResources

        +

        All resources that were rotated as part of the key rotation process

        namespacespolicy.Namespacerepeated

        		kas_keypolicy.KasKey

        The newly rotated Kas Key

        paginationpolicy.PageResponserotated_resourcesRotatedResources

        All resources that were rotated as part of the key rotation process

        @@ -12557,17 +13002,31 @@

        NamespaceKey

        - - + + - + - - - - + + + + + + + + + + + + + + + + + + @@ -12577,8 +13036,8 @@

        NamespaceKey

        -

        NamespaceKeyAccessServer

        -

        Deprecated

        +

        SetBaseKeyRequest

        +

        Sets the specified key as the base key for the Key Access Server

        Note: The key must be active.

        namespace_idstringrotated_out_keypolicy.KasKey

        Required

        The old key that was rotated out

        key_idstring

        Required (The id from the Asymmetric Key object)

        		attribute_definition_mappingsChangeMappingsrepeated

        attribute_value_mappingsChangeMappingsrepeated

        namespace_mappingsChangeMappingsrepeated
        @@ -12588,17 +13047,17 @@

        NamespaceKeyAccessServer

        - + - + - - + + - + @@ -12608,7 +13067,7 @@

        NamespaceKeyAccessServer

        NamespacesSort +

        SetBaseKeyResponse

        @@ -12619,17 +13078,17 @@

        NamespacesSort

        - - + + - + - - + + - + @@ -12639,8 +13098,8 @@

        NamespacesSort

        -

        RemoveKeyAccessServerFromNamespaceRequest

        -

        Deprecated: utilize RemovePublicKeyFromNamespaceRequest

        +

        UpdateKeyAccessServerRequest

        +

        namespace_idid string

        Required

        Current Key UUID tp be set as default

        key_access_server_idstringkeyKasKeyIdentifier

        Required

        Alternative way to specify the key using KAS ID and Key ID

        fieldSortNamespacesTypenew_base_keypolicy.SimpleKasKey

        The key that was set as base

        directionpolicy.SortDirectionprevious_base_keypolicy.SimpleKasKey

        The previous base key, if any

        @@ -12650,8 +13109,56 @@

        RemoveKeyAc

        - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -12663,7 +13170,7 @@

        RemoveKeyAc -

        RemoveKeyAccessServerFromNamespaceResponse

        +

        UpdateKeyAccessServerResponse

        @@ -12674,8 +13181,8 @@

        RemoveKeyA

        - - + + @@ -12687,8 +13194,8 @@

        RemoveKeyA -

        RemovePublicKeyFromNamespaceRequest

        -

        +

        UpdateKeyRequest

        +

        Update an existing asymmetric key in the Key Management System

        namespace_key_access_serverNamespaceKeyAccessServeridstring

        Required

        uristring

        Optional

        public_keypolicy.PublicKey

        Deprecated +Optional

        source_typepolicy.SourceType

        Optional +Using UNSPECIFIED will result in a successful update, +but will not actually update the underlying source. +You should not update KAS's from INTERNAL/EXTERNAL +to unspecified.

        namestring

        Optional

        metadatacommon.MetadataMutable

        Optional +Common metadata

        metadata_update_behaviorcommon.MetadataUpdateEnum

        namespace_key_access_serverNamespaceKeyAccessServerkey_access_serverpolicy.KeyAccessServer

        @@ -12698,10 +13205,29 @@

        RemovePublicKeyFr

        - - + + - + + + + + + + + + + + + + + + @@ -12711,8 +13237,8 @@

        RemovePublicKeyFr -

        RemovePublicKeyFromNamespaceResponse

        -

        +

        UpdateKeyResponse

        +

        Response to an UpdateKeyRequest, containing the updated asymmetric key

        namespace_keyNamespaceKeyidstring

        Required + +The unique identifier of the key to update

        metadatacommon.MetadataMutable

        Optional +Common metadata + +Mutable metadata for the key

        metadata_update_behaviorcommon.MetadataUpdateEnum

        The behavior for updating the metadata

        @@ -12722,10 +13248,10 @@

        RemovePublicKeyF

        - - + + - + @@ -12735,7 +13261,7 @@

        RemovePublicKeyF -

        UpdateNamespaceRequest

        +

        UpdatePublicKeyRequest

        @@ -12756,7 +13282,8 @@

        UpdateNamespaceRequest

        - + @@ -12773,7 +13300,7 @@

        UpdateNamespaceRequest

        -

        UpdateNamespaceResponse

        +

        UpdatePublicKeyResponse

        @@ -12784,8 +13311,8 @@

        UpdateNamespaceResponse

        - - + + @@ -12799,7 +13326,7 @@

        UpdateNamespaceResponse

        -

        SortNamespacesType

        +

        SortKasKeysType

        namespace_keyNamespaceKeykas_keypolicy.KasKey

        The updated kas key

        metadata common.MetadataMutable

        Optional

        Optional +Common metadata

        namespacepolicy.Namespacekeypolicy.Key

        @@ -12808,31 +13335,66 @@

        SortNamespacesType

        - + - + - + - + + +
        SORT_NAMESPACES_TYPE_UNSPECIFIEDSORT_KAS_KEYS_TYPE_UNSPECIFIED 0

        SORT_NAMESPACES_TYPE_NAMESORT_KAS_KEYS_TYPE_KEY_ID 1

        SORT_NAMESPACES_TYPE_FQNSORT_KAS_KEYS_TYPE_CREATED_AT 2

        SORT_NAMESPACES_TYPE_CREATED_ATSORT_KAS_KEYS_TYPE_UPDATED_AT 3

        + +

        SortKeyAccessServersType

        +

        + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + @@ -12844,7 +13406,7 @@

        SortNamespacesType

        -

        NamespaceService

        +

        KeyAccessServerRegistryService

        NameNumberDescription
        SORT_NAMESPACES_TYPE_UPDATED_ATSORT_KEY_ACCESS_SERVERS_TYPE_UNSPECIFIED0

        SORT_KEY_ACCESS_SERVERS_TYPE_NAME1

        SORT_KEY_ACCESS_SERVERS_TYPE_URI2

        SORT_KEY_ACCESS_SERVERS_TYPE_CREATED_AT3

        SORT_KEY_ACCESS_SERVERS_TYPE_UPDATED_AT 4

        @@ -12853,68 +13415,102 @@

        NamespaceService

        - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - - + + + + - - - - + + + + @@ -12934,12 +13530,7 @@

        Methods with deprecated option

        - - - - - - + @@ -12960,12 +13551,17 @@

        Methods with idempotency_level option

        - + - + + + + + + @@ -12974,224 +13570,15 @@

        Methods with idempotency_level option

        - -
        -

        policy/obligations/obligations.proto

        Top -
        -

        - - -

        AddObligationTriggerRequest

        -

        Obligation Triggers are owned by the namespace that owns the action and attribute value, which must

        be the same. In this way, a trigger can intentionally cross namespace boundaries: associating

        obligation values of a different namespace than the one that owns the action being taken or the attribute value.

        - - -
        GetNamespaceGetNamespaceRequestGetNamespaceResponseListKeyAccessServersListKeyAccessServersRequestListKeyAccessServersResponse

        ListNamespacesListNamespacesRequestListNamespacesResponseGetKeyAccessServerGetKeyAccessServerRequestGetKeyAccessServerResponse

        CreateNamespaceCreateNamespaceRequestCreateNamespaceResponseCreateKeyAccessServerCreateKeyAccessServerRequestCreateKeyAccessServerResponse

        UpdateNamespaceUpdateNamespaceRequestUpdateNamespaceResponseUpdateKeyAccessServerUpdateKeyAccessServerRequestUpdateKeyAccessServerResponse

        DeactivateNamespaceDeactivateNamespaceRequestDeactivateNamespaceResponseDeleteKeyAccessServerDeleteKeyAccessServerRequestDeleteKeyAccessServerResponse

        AssignKeyAccessServerToNamespaceAssignKeyAccessServerToNamespaceRequestAssignKeyAccessServerToNamespaceResponse

        Deprecated: utilize AssignPublicKeyToNamespace

        		ListKeyAccessServerGrantsListKeyAccessServerGrantsRequestListKeyAccessServerGrantsResponse

        Deprecated

        CreateKeyCreateKeyRequestCreateKeyResponse

        KAS Key Management +Request to create a new key in the Key Access Service.

        GetKeyGetKeyRequestGetKeyResponse

        Request to retrieve a key from the Key Access Service.

        ListKeysListKeysRequestListKeysResponse

        Request to list keys in the Key Access Service.

        UpdateKeyUpdateKeyRequestUpdateKeyResponse

        Request to update a key in the Key Access Service.

        RotateKeyRotateKeyRequestRotateKeyResponse

        Request to rotate a key in the Key Access Service.
        RemoveKeyAccessServerFromNamespaceRemoveKeyAccessServerFromNamespaceRequestRemoveKeyAccessServerFromNamespaceResponse

        Deprecated: utilize RemovePublicKeyFromNamespace

        		SetBaseKeySetBaseKeyRequestSetBaseKeyResponse

        Request to set the default a default kas key.
        AssignPublicKeyToNamespaceAssignPublicKeyToNamespaceRequestAssignPublicKeyToNamespaceResponse

        --------------------------------------* -Namespace <> Key RPCs ----------------------------------------

        		GetBaseKeyGetBaseKeyRequestGetBaseKeyResponse

        Get Default kas keys
        RemovePublicKeyFromNamespaceRemovePublicKeyFromNamespaceRequestRemovePublicKeyFromNamespaceResponse

        		ListKeyMappingsListKeyMappingsRequestListKeyMappingsResponse

        Request to list key mappings in the Key Access Service.
        AssignKeyAccessServerToNamespace

        true

        RemoveKeyAccessServerFromNamespaceListKeyAccessServerGrants

        true
        GetNamespaceListKeyAccessServers

        NO_SIDE_EFFECTS
        ListNamespacesGetKeyAccessServer

        NO_SIDE_EFFECTS

        ListKeyAccessServerGrants

        NO_SIDE_EFFECTS
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        obligation_valuecommon.IdFqnIdentifier

        Required

        actioncommon.IdNameIdentifier

        Required

        attribute_valuecommon.IdFqnIdentifier

        Required

        contextpolicy.RequestContext

        Optional -The request context for this obligation value policy decisioning.

        metadatacommon.MetadataMutable

        Optional -Common metadata

        - - - - - -

        AddObligationTriggerResponse

        -

        - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        triggerpolicy.ObligationTrigger

        - - - - - -

        CreateObligationRequest

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        namespace_idstring

        namespace_fqnstring

        namestring

        valuesstringrepeated

        Optional

        metadatacommon.MetadataMutable

        Optional -Common metadata

        - - - - - -

        CreateObligationResponse

        -

        - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        obligationpolicy.Obligation

        - - - - - -

        CreateObligationValueRequest

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        obligation_idstring

        obligation_fqnstring

        valuestring

        triggersValueTriggerRequestrepeated

        Optional -Combination of action and attribute_value that will trigger this obligation value policy decisioning.

        metadatacommon.MetadataMutable

        Optional -Common metadata

        - - + +
        +

        policy/keymanagement/key_management.proto

        Top +
        +

        - -

        CreateObligationValueResponse

        -

        +

        CreateProviderConfigRequest

        +

        Provider Configuration Requests and Response Messages

        @@ -13201,41 +13588,34 @@

        CreateObligationValueR

        - - + + - + - -
        valuepolicy.ObligationValuenamestring

        Required +The name of the key provider. (e.g. "AWS KMS Instance 1", "Google Cloud KMS Instance 2")

        - - - - - -

        DeleteObligationRequest

        -

        - - - - - - - + + + + + + - + - + - - + + - + @@ -13245,7 +13625,7 @@

        DeleteObligationRequest

        -

        DeleteObligationResponse

        +

        CreateProviderConfigResponse

        @@ -13256,8 +13636,8 @@

        DeleteObligationResponse

        - - + + @@ -13269,8 +13649,8 @@

        DeleteObligationResponseDeleteObligationValueRequest

        -

        +

        DeleteProviderConfigRequest

        +

        In order to delete a provider configuration you must first delete all keys associated with the provider.

        FieldTypeLabelDescription
        config_jsonbytes

        Required +JSON configuration for the key provider. This is unique to individual key providers.

        idmanager string

        Required +The type of key manager (e.g. "aws", "gcp", "azure", "opentdf.io/basic")

        fqnstringmetadatacommon.MetadataMutable

        Common metadata

        obligationpolicy.Obligationprovider_configpolicy.KeyProviderConfig

        @@ -13283,14 +13663,7 @@

        DeleteObligationValueRe

        - - - - - - - - + @@ -13300,7 +13673,7 @@

        DeleteObligationValueRe -

        DeleteObligationValueResponse

        +

        DeleteProviderConfigResponse

        @@ -13311,8 +13684,8 @@

        DeleteObligationValueR

        - - + + @@ -13324,7 +13697,7 @@

        DeleteObligationValueR -

        GetObligationRequest

        +

        GetProviderConfigRequest

        @@ -13342,12 +13715,19 @@

        GetObligationRequest

        - + + + + + + + +
        id string

        fqnstring

        Required

        valuepolicy.ObligationValueprovider_configpolicy.KeyProviderConfig

        fqnname string

        managerstring

        Optional - filter by manager type when searching by name

        @@ -13355,7 +13735,7 @@

        GetObligationRequest

        -

        GetObligationResponse

        +

        GetProviderConfigResponse

        @@ -13366,8 +13746,8 @@

        GetObligationResponse

        - obligation - policy.Obligation + provider_config + policy.KeyProviderConfig

        @@ -13379,8 +13759,8 @@

        GetObligationResponse

        -

        GetObligationTriggerRequest

        -

        Triggers

        +

        ListProviderConfigsRequest

        +

        @@ -13390,10 +13770,10 @@

        GetObligationTriggerRequ

        - - + + - + @@ -13403,7 +13783,7 @@

        GetObligationTriggerRequ -

        GetObligationTriggerResponse

        +

        ListProviderConfigsResponse

        @@ -13414,8 +13794,15 @@

        GetObligationTriggerRes

        - - + + + + + + + + + @@ -13427,8 +13814,8 @@

        GetObligationTriggerRes -

        GetObligationValueRequest

        -

        Values

        +

        UpdateProviderConfigRequest

        +

        idstringpaginationpolicy.PageRequest

        Required

        Optional

        triggerpolicy.ObligationTriggerprovider_configspolicy.KeyProviderConfigrepeated

        paginationpolicy.PageResponse

        @@ -13441,13 +13828,42 @@

        GetObligationValueRequest<

        - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -13458,7 +13874,7 @@

        GetObligationValueRequest< -

        GetObligationValueResponse

        +

        UpdateProviderConfigResponse

        @@ -13469,8 +13885,8 @@

        GetObligationValueRespons

        - - + + @@ -13482,8 +13898,70 @@

        GetObligationValueRespons -

        GetObligationValuesByFQNsRequest

        + + + + + + +

        KeyManagementService

        +
        id string

        Required

        fqnnamestring

        Optional

        config_jsonbytes

        Optional

        manager string

        Optional

        metadatacommon.MetadataMutable

        Optional +Common metadata

        metadata_update_behaviorcommon.MetadataUpdateEnum

        valuepolicy.ObligationValueprovider_configpolicy.KeyProviderConfig

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameRequest TypeResponse TypeDescription
        CreateProviderConfigCreateProviderConfigRequestCreateProviderConfigResponse

        Key Management +Provider Management

        GetProviderConfigGetProviderConfigRequestGetProviderConfigResponse

        ListProviderConfigsListProviderConfigsRequestListProviderConfigsResponse

        UpdateProviderConfigUpdateProviderConfigRequestUpdateProviderConfigResponse

        DeleteProviderConfigDeleteProviderConfigRequestDeleteProviderConfigResponse

        + + + + +
        +

        policy/namespaces/namespaces.proto

        Top +
        +

        + + +

        AssignKeyAccessServerToNamespaceRequest

        +

        Deprecated: utilize AssignPublicKeyToNamespaceRequest

        @@ -13493,9 +13971,9 @@

        GetObligationValues

        - - - + + + @@ -13506,7 +13984,7 @@

        GetObligationValues -

        GetObligationValuesByFQNsResponse

        +

        AssignKeyAccessServerToNamespaceResponse

        @@ -13517,9 +13995,9 @@

        GetObligationValue

        - - - + + + @@ -13530,8 +14008,8 @@

        GetObligationValue -

        GetObligationValuesByFQNsResponse.FqnValueMapEntry

        -

        +

        AssignPublicKeyToNamespaceRequest

        +

        Assign Key to Namespace

        fqnsstringrepeatednamespace_key_access_serverNamespaceKeyAccessServer

        fqn_value_mapGetObligationValuesByFQNsResponse.FqnValueMapEntryrepeatednamespace_key_access_serverNamespaceKeyAccessServer

        @@ -13541,15 +14019,32 @@

        G

        - - + + + +
        keystringnamespace_keyNamespaceKey

        + + + + + +

        AssignPublicKeyToNamespaceResponse

        +

        + + + + + + + + - - + + @@ -13561,7 +14056,7 @@

        G -

        GetObligationsByFQNsRequest

        +

        CreateNamespaceRequest

        @@ -13572,10 +14067,17 @@

        GetObligationsByFQNsRequ

        - + - - + + + + + + + + + @@ -13585,7 +14087,7 @@

        GetObligationsByFQNsRequ -

        GetObligationsByFQNsResponse

        +

        CreateNamespaceResponse

        @@ -13596,9 +14098,9 @@

        GetObligationsByFQNsRes

        - - - + + + @@ -13609,7 +14111,7 @@

        GetObligationsByFQNsRes -

        GetObligationsByFQNsResponse.FqnObligationMapEntry

        +

        DeactivateNamespaceRequest

        @@ -13620,17 +14122,10 @@

        G

        - + - - - - - - - - + @@ -13640,7 +14135,14 @@

        G -

        ListObligationTriggersRequest

        +

        DeactivateNamespaceResponse

        +

        + + + + + +

        GetNamespaceRequest

        @@ -13651,34 +14153,55 @@

        ListObligationTriggers

        - + - + - + - + - - + + - +
        FieldTypeLabelDescription
        valuepolicy.ObligationValuenamespace_keyNamespaceKey

        fqnsname stringrepeated

        Required

        metadatacommon.MetadataMutable

        Optional

        fqn_obligation_mapGetObligationsByFQNsResponse.FqnObligationMapEntryrepeatednamespacepolicy.Namespace

        keyid string

        valuepolicy.Obligation

        Required

        namespace_idid string

        Deprecated. Deprecated

        namespace_fqnnamespace_id string

        option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field

        paginationpolicy.PageRequestfqnstring

        Optional

        + + +

        Fields with deprecated option

        + + + + + + + + + + + + + + + +
        NameOption
        id

        true

        + + -

        ListObligationTriggersResponse

        +

        GetNamespaceResponse

        @@ -13689,15 +14212,8 @@

        ListObligationTrigger - triggers - policy.ObligationTrigger - repeated -

        - - - - pagination - policy.PageResponse + namespace + policy.Namespace

        @@ -13709,7 +14225,7 @@

        ListObligationTrigger -

        ListObligationsRequest

        +

        ListNamespacesRequest

        @@ -13720,17 +14236,11 @@

        ListObligationsRequest

        - namespace_id - string - -

        - - - - namespace_fqn - string + state + common.ActiveStateEnum -

        +

        Optional +ACTIVE by default when not specified

        @@ -13742,7 +14252,7 @@

        ListObligationsRequest

        sort - ObligationsSort + NamespacesSort repeated

        Optional - CONSTRAINT: max 1 item Sort defaults: @@ -13758,7 +14268,7 @@

        ListObligationsRequest

        -

        ListObligationsResponse

        +

        ListNamespacesResponse

        @@ -13769,8 +14279,8 @@

        ListObligationsResponse

        - obligations - policy.Obligation + namespaces + policy.Namespace repeated

        @@ -13789,7 +14299,7 @@

        ListObligationsResponse

        -

        ObligationsSort

        +

        NamespaceKey

        @@ -13800,17 +14310,17 @@

        ObligationsSort

        - field - SortObligationsType + namespace_id + string -

        +

        Required

        - direction - policy.SortDirection + key_id + string -

        +

        Required (The id from the Asymmetric Key object)

        @@ -13820,8 +14330,8 @@

        ObligationsSort

        -

        RemoveObligationTriggerRequest

        -

        +

        NamespaceKeyAccessServer

        +

        Deprecated

        @@ -13831,7 +14341,14 @@

        RemoveObligationTrigg

        - + + + + + + + + @@ -13844,7 +14361,7 @@

        RemoveObligationTrigg -

        RemoveObligationTriggerResponse

        +

        NamespacesSort

        @@ -13855,8 +14372,15 @@

        RemoveObligationTrig

        - - + + + + + + + + + @@ -13868,8 +14392,8 @@

        RemoveObligationTrig -

        UpdateObligationRequest

        -

        +

        RemoveKeyAccessServerFromNamespaceRequest

        +

        Deprecated: utilize RemovePublicKeyFromNamespaceRequest

        idnamespace_idstring

        Required

        key_access_server_id string

        Required

        triggerpolicy.ObligationTriggerfieldSortNamespacesType

        directionpolicy.SortDirection

        @@ -13879,29 +14403,8 @@

        UpdateObligationRequest

        - - - - - - - - - - - - - - - - - - - - - - - + + @@ -13913,7 +14416,7 @@

        UpdateObligationRequest

        -

        UpdateObligationResponse

        +

        RemoveKeyAccessServerFromNamespaceResponse

        @@ -13924,8 +14427,8 @@

        UpdateObligationResponse

        - - + + @@ -13937,7 +14440,7 @@

        UpdateObligationResponseUpdateObligationValueRequest

        +

        RemovePublicKeyFromNamespaceRequest

        @@ -13948,38 +14451,32 @@

        UpdateObligationValueRe

        - - - - - - - - - + + - - - - - - - - + - - - - - - + +
        idstring

        Required

        namestring

        Optional

        metadatacommon.MetadataMutable

        metadata_update_behaviorcommon.MetadataUpdateEnumnamespace_key_access_serverNamespaceKeyAccessServer

        obligationpolicy.Obligationnamespace_key_access_serverNamespaceKeyAccessServer

        idstring

        Required

        valuestringnamespace_keyNamespaceKey

        Optional

        triggersValueTriggerRequestrepeated

        Optional -Obligation Triggers provided here will replace all existing records in the database.

        metadatacommon.MetadataMutable

        Optional -Common metadata

        + + + + + +

        RemovePublicKeyFromNamespaceResponse

        +

        + + + + + + + - - + + @@ -13991,7 +14488,7 @@

        UpdateObligationValueRe -

        UpdateObligationValueResponse

        +

        UpdateNamespaceRequest

        @@ -14002,8 +14499,22 @@

        UpdateObligationValueR

        - - + + + + + + + + + + + + + + + + @@ -14015,7 +14526,7 @@

        UpdateObligationValueR -

        ValueTriggerRequest

        +

        UpdateNamespaceResponse

        @@ -14026,24 +14537,10 @@

        ValueTriggerRequest

        - - - - - - - - - - - - - - - - + + - + @@ -14055,7 +14552,7 @@

        ValueTriggerRequest

        -

        SortObligationsType

        +

        SortNamespacesType

        FieldTypeLabelDescription
        metadata_update_behaviorcommon.MetadataUpdateEnumnamespace_keyNamespaceKey

        valuepolicy.ObligationValueidstring

        Required

        metadatacommon.MetadataMutable

        Optional

        metadata_update_behaviorcommon.MetadataUpdateEnum

        actioncommon.IdNameIdentifier

        Required. The ID of the action that will trigger this obligation value policy decisioning.

        attribute_valuecommon.IdFqnIdentifier

        Required. The attribute value ID that will trigger this obligation value policy decisioning.

        contextpolicy.RequestContextnamespacepolicy.Namespace

        Optional. The request context for this obligation value policy decisioning.

        @@ -14064,31 +14561,31 @@

        SortObligationsType

        - + - + - + - + - + @@ -14100,8 +14597,8 @@

        SortObligationsType

        -

        Service

        -

        Obligation Service

        /

        +

        NamespaceService

        +

        SORT_OBLIGATIONS_TYPE_UNSPECIFIEDSORT_NAMESPACES_TYPE_UNSPECIFIED 0

        SORT_OBLIGATIONS_TYPE_NAMESORT_NAMESPACES_TYPE_NAME 1

        SORT_OBLIGATIONS_TYPE_FQNSORT_NAMESPACES_TYPE_FQN 2

        SORT_OBLIGATIONS_TYPE_CREATED_ATSORT_NAMESPACES_TYPE_CREATED_AT 3

        SORT_OBLIGATIONS_TYPE_UPDATED_ATSORT_NAMESPACES_TYPE_UPDATED_AT 4

        @@ -14109,107 +14606,67 @@

        Service

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - - + + + + - - - - + + + + - - - - + + + + - - - + + + @@ -14219,7 +14676,7 @@

        Service

        -

        Methods with idempotency_level option

        +

        Methods with deprecated option

        Method NameRequest TypeResponse TypeDescription
        ListObligationsListObligationsRequestListObligationsResponse

        GetObligationGetObligationRequestGetObligationResponse

        GetObligationsByFQNsGetObligationsByFQNsRequestGetObligationsByFQNsResponse

        CreateObligationCreateObligationRequestCreateObligationResponse

        UpdateObligationUpdateObligationRequestUpdateObligationResponse

        DeleteObligationDeleteObligationRequestDeleteObligationResponse

        GetObligationValueGetObligationValueRequestGetObligationValueResponseGetNamespaceGetNamespaceRequestGetNamespaceResponse

        GetObligationValuesByFQNsGetObligationValuesByFQNsRequestGetObligationValuesByFQNsResponseListNamespacesListNamespacesRequestListNamespacesResponse

        CreateObligationValueCreateObligationValueRequestCreateObligationValueResponseCreateNamespaceCreateNamespaceRequestCreateNamespaceResponse

        UpdateObligationValueUpdateObligationValueRequestUpdateObligationValueResponseUpdateNamespaceUpdateNamespaceRequestUpdateNamespaceResponse

        DeleteObligationValueDeleteObligationValueRequestDeleteObligationValueResponseDeactivateNamespaceDeactivateNamespaceRequestDeactivateNamespaceResponse

        GetObligationTriggerGetObligationTriggerRequestGetObligationTriggerResponse

        		AssignKeyAccessServerToNamespaceAssignKeyAccessServerToNamespaceRequestAssignKeyAccessServerToNamespaceResponse

        Deprecated: utilize AssignPublicKeyToNamespace
        AddObligationTriggerAddObligationTriggerRequestAddObligationTriggerResponse

        		RemoveKeyAccessServerFromNamespaceRemoveKeyAccessServerFromNamespaceRequestRemoveKeyAccessServerFromNamespaceResponse

        Deprecated: utilize RemovePublicKeyFromNamespace
        RemoveObligationTriggerRemoveObligationTriggerRequestRemoveObligationTriggerResponse

        		AssignPublicKeyToNamespaceAssignPublicKeyToNamespaceRequestAssignPublicKeyToNamespaceResponse

        --------------------------------------* +Namespace <> Key RPCs +---------------------------------------
        ListObligationTriggersListObligationTriggersRequestListObligationTriggersResponseRemovePublicKeyFromNamespaceRemovePublicKeyFromNamespaceRequestRemovePublicKeyFromNamespaceResponse

        @@ -14230,37 +14687,38 @@

        Methods with idempotency_level option

        - - - - - - - - - - - - + + - - + + + +
        ListObligations

        NO_SIDE_EFFECTS

        GetObligation

        NO_SIDE_EFFECTS

        GetObligationsByFQNs

        NO_SIDE_EFFECTS

        		AssignKeyAccessServerToNamespace

        true
        GetObligationValue

        NO_SIDE_EFFECTS

        		RemoveKeyAccessServerFromNamespace

        true
        + + + + +

        Methods with idempotency_level option

        + + - - + + + + - + - + @@ -14271,13 +14729,13 @@

        Methods with idempotency_level option

        -

        policy/registeredresources/registered_resources.proto

        Top +

        policy/obligations/obligations.proto

        Top

        -

        ActionAttributeValue

        -

        +

        AddObligationTriggerRequest

        +

        Obligation Triggers are owned by the namespace that owns the action and attribute value, which must

        be the same. In this way, a trigger can intentionally cross namespace boundaries: associating

        obligation values of a different namespace than the one that owns the action being taken or the attribute value.

        GetObligationValuesByFQNs

        NO_SIDE_EFFECTS

        		Method NameOption
        GetObligationTriggerGetNamespace

        NO_SIDE_EFFECTS
        ListObligationTriggersListNamespaces

        NO_SIDE_EFFECTS
        @@ -14287,29 +14745,62 @@

        ActionAttributeValue

        - - + + - + - - + + - + - - + + - + - - + + + + + + + + + + + + + + +
        action_idstringobligation_valuecommon.IdFqnIdentifier

        Required

        action_namestringactioncommon.IdNameIdentifier

        Required

        attribute_value_idstringattribute_valuecommon.IdFqnIdentifier

        Required

        attribute_value_fqnstringcontextpolicy.RequestContext

        Optional +The request context for this obligation value policy decisioning.

        metadatacommon.MetadataMutable

        Optional +Common metadata

        + + + + + +

        AddObligationTriggerResponse

        +

        + + + + + + + + + + + @@ -14321,7 +14812,7 @@

        ActionAttributeValueCreateRegisteredResourceRequest

        +

        CreateObligationRequest

        @@ -14332,33 +14823,31 @@

        CreateRegist

        - + - + - + - - + + - + - + - - + + @@ -14376,7 +14865,7 @@

        CreateRegist -

        CreateRegisteredResourceResponse

        +

        CreateObligationResponse

        @@ -14387,8 +14876,8 @@

        CreateRegis

        - - + + @@ -14400,7 +14889,7 @@

        CreateRegis -

        CreateRegisteredResourceValueRequest

        +

        CreateObligationValueRequest

        @@ -14411,26 +14900,32 @@

        CreateR

        - + - + + + + + + + + - + - - + + +Combination of action and attribute_value that will trigger this obligation value policy decisioning.

        @@ -14448,7 +14943,7 @@

        CreateR -

        CreateRegisteredResourceValueResponse

        +

        CreateObligationValueResponse

        @@ -14460,7 +14955,7 @@

        Create

        - + @@ -14472,7 +14967,7 @@

        Create -

        DeleteRegisteredResourceRequest

        +

        DeleteObligationRequest

        @@ -14486,7 +14981,14 @@

        DeleteRegist

        - + + + + + + + + @@ -14496,7 +14998,7 @@

        DeleteRegist -

        DeleteRegisteredResourceResponse

        +

        DeleteObligationResponse

        @@ -14507,8 +15009,8 @@

        DeleteRegis

        - - + + @@ -14520,7 +15022,7 @@

        DeleteRegis -

        DeleteRegisteredResourceValueRequest

        +

        DeleteObligationValueRequest

        @@ -14534,7 +15036,14 @@

        DeleteR

        - + + + + + + + + @@ -14544,7 +15053,7 @@

        DeleteR -

        DeleteRegisteredResourceValueResponse

        +

        DeleteObligationValueResponse

        @@ -14556,7 +15065,7 @@

        Delete

        - + @@ -14568,7 +15077,7 @@

        Delete -

        GetRegisteredResourceRequest

        +

        GetObligationRequest

        @@ -14586,24 +15095,58 @@

        GetRegisteredRe

        - + + +
        FieldTypeLabelDescription
        triggerpolicy.ObligationTrigger

        namenamespace_id string

        Required

        valuesnamespace_fqn stringrepeated

        Optional -Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. -The stored value will be normalized to lower case.

        namespace_idname string

        namespace_fqnvalues string

        		repeated

        Optional

        resourcepolicy.RegisteredResourceobligationpolicy.Obligation

        resource_idobligation_id string

        Required

        obligation_fqnstring
        value string

        Required

        action_attribute_valuesActionAttributeValuetriggersValueTriggerRequest repeated

        Optional -The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning -(i.e. action read -> attribute value https://example.com/attr/department/value/marketing)

        valuepolicy.RegisteredResourceValuepolicy.ObligationValue

        id string

        Required

        fqnstring
        resourcepolicy.RegisteredResourceobligationpolicy.Obligation

        id string

        Required

        fqnstring
        valuepolicy.RegisteredResourceValuepolicy.ObligationValue

        namefqn string

        + + + + + +

        GetObligationResponse

        +

        + + + + + + + + - - + + + +
        FieldTypeLabelDescription
        namespace_fqnstringobligationpolicy.Obligation

        + + + + + +

        GetObligationTriggerRequest

        +

        Triggers

        + + + + + + + + - + - + @@ -14613,7 +15156,7 @@

        GetRegisteredRe -

        GetRegisteredResourceResponse

        +

        GetObligationTriggerResponse

        @@ -14624,8 +15167,8 @@

        GetRegisteredR

        - - + + @@ -14637,8 +15180,8 @@

        GetRegisteredR -

        GetRegisteredResourceValueRequest

        -

        +

        GetObligationValueRequest

        +

        Values

        FieldTypeLabelDescription
        namespace_idid string

        Required

        resourcepolicy.RegisteredResourcetriggerpolicy.ObligationTrigger

        @@ -14668,7 +15211,7 @@

        GetRegiste -

        GetRegisteredResourceValueResponse

        +

        GetObligationValueResponse

        @@ -14680,7 +15223,7 @@

        GetRegist

        - + @@ -14692,7 +15235,7 @@

        GetRegist -

        GetRegisteredResourceValuesByFQNsRequest

        +

        GetObligationValuesByFQNsRequest

        @@ -14706,7 +15249,7 @@

        Get

        - + @@ -14716,7 +15259,7 @@

        Get -

        GetRegisteredResourceValuesByFQNsResponse

        +

        GetObligationValuesByFQNsResponse

        @@ -14728,7 +15271,7 @@

        Ge

        - + @@ -14740,7 +15283,7 @@

        Ge -

        GetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry

        +

        GetObligationValuesByFQNsResponse.FqnValueMapEntry

        @@ -14759,7 +15302,7 @@

        policy.RegisteredResourceValue +

        @@ -14771,7 +15314,7 @@

        ListRegisteredResourceValuesRequest

        +

        GetObligationsByFQNsRequest

        @@ -14782,10 +15325,96 @@

        ListRegi

        - + + + + + + + +
        valuepolicy.RegisteredResourceValuepolicy.ObligationValue

        fqns string repeated

        Required

        fqn_value_mapGetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntryGetObligationValuesByFQNsResponse.FqnValueMapEntry repeated

        policy.ObligationValue

        resource_idfqnsstringrepeated

        + + + + + +

        GetObligationsByFQNsResponse

        +

        + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        fqn_obligation_mapGetObligationsByFQNsResponse.FqnObligationMapEntryrepeated

        + + + + + +

        GetObligationsByFQNsResponse.FqnObligationMapEntry

        +

        + + + + + + + + + + - + + + + + + + + + + + +
        FieldTypeLabelDescription
        key string

        Optional

        valuepolicy.Obligation

        + + + + + +

        ListObligationTriggersRequest

        +

        + + + + + + + + + + + + + + + + + + + + @@ -14802,7 +15431,7 @@

        ListRegi -

        ListRegisteredResourceValuesResponse

        +

        ListObligationTriggersResponse

        @@ -14813,8 +15442,8 @@

        ListReg

        - - + + @@ -14833,7 +15462,7 @@

        ListReg -

        ListRegisteredResourcesRequest

        +

        ListObligationsRequest

        @@ -14866,7 +15495,7 @@

        ListRegistere

        - + - - + + @@ -14913,7 +15542,7 @@

        ListRegister -

        RegisteredResourcesSort

        +

        ObligationsSort

        @@ -14925,7 +15554,7 @@

        RegisteredResourcesS

        - + @@ -14944,7 +15573,55 @@

        RegisteredResourcesS -

        UpdateRegisteredResourceRequest

        +

        RemoveObligationTriggerRequest

        +

        + + +
        FieldTypeLabelDescription
        namespace_idstring

        namespace_fqnstring
        valuespolicy.RegisteredResourceValuetriggerspolicy.ObligationTrigger repeated

        sortRegisteredResourcesSortObligationsSort repeated

        Optional - CONSTRAINT: max 1 item Sort defaults: @@ -14882,7 +15511,7 @@

        ListRegistere -

        ListRegisteredResourcesResponse

        +

        ListObligationsResponse

        @@ -14893,8 +15522,8 @@

        ListRegister

        resourcespolicy.RegisteredResourceobligationspolicy.Obligation repeated

        fieldSortRegisteredResourcesTypeSortObligationsType

        + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        idstring

        Required

        + + + + + +

        RemoveObligationTriggerResponse

        +

        + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        triggerpolicy.ObligationTrigger

        + + + + + +

        UpdateObligationRequest

        @@ -14972,8 +15649,7 @@

        UpdateRegist metadata common.MetadataMutable -

        Optional -Common metadata

        +

        @@ -14990,7 +15666,7 @@

        UpdateRegist -

        UpdateRegisteredResourceResponse

        +

        UpdateObligationResponse

        @@ -15001,8 +15677,8 @@

        UpdateRegis - resource - policy.RegisteredResource + obligation + policy.Obligation

        @@ -15014,7 +15690,7 @@

        UpdateRegis -

        UpdateRegisteredResourceValueRequest

        +

        UpdateObligationValueRequest

        @@ -15039,11 +15715,11 @@

        UpdateR - action_attribute_values - ActionAttributeValue + triggers + ValueTriggerRequest repeated

        Optional -Action Attribute Values provided here will replace all existing records in the database. To delete all action attribute values, set this field to an empty list.

        +Obligation Triggers provided here will replace all existing records in the database.

        @@ -15068,7 +15744,7 @@

        UpdateR -

        UpdateRegisteredResourceValueResponse

        +

        UpdateObligationValueResponse

        @@ -15080,7 +15756,7 @@

        Update value - policy.RegisteredResourceValue + policy.ObligationValue

        @@ -15092,9 +15768,47 @@

        Update +

        ValueTriggerRequest

        +

        + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        FieldTypeLabelDescription
        actioncommon.IdNameIdentifier

        Required. The ID of the action that will trigger this obligation value policy decisioning.

        attribute_valuecommon.IdFqnIdentifier

        Required. The attribute value ID that will trigger this obligation value policy decisioning.

        contextpolicy.RequestContext

        Optional. The request context for this obligation value policy decisioning.

        + + + + + -

        SortRegisteredResourcesType

        +

        SortObligationsType

        @@ -15103,29 +15817,35 @@

        SortRegisteredRe

        - + - + - + - + + + + + + +
        SORT_REGISTERED_RESOURCES_TYPE_UNSPECIFIEDSORT_OBLIGATIONS_TYPE_UNSPECIFIED 0

        SORT_REGISTERED_RESOURCES_TYPE_NAMESORT_OBLIGATIONS_TYPE_NAME 1

        SORT_REGISTERED_RESOURCES_TYPE_CREATED_ATSORT_OBLIGATIONS_TYPE_FQN 2

        SORT_REGISTERED_RESOURCES_TYPE_UPDATED_ATSORT_OBLIGATIONS_TYPE_CREATED_AT 3

        SORT_OBLIGATIONS_TYPE_UPDATED_AT4
        @@ -15133,8 +15853,8 @@

        SortRegisteredRe -

        RegisteredResourcesService

        -

        Registered Resources

        +

        Service

        +

        Obligation Service

        /

        @@ -15142,95 +15862,174 @@

        RegisteredResourc

        - - - + + + - - - + + + - - - + + + - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
        Method NameRequest TypeResponse TypeDescription
        CreateRegisteredResourceCreateRegisteredResourceRequestCreateRegisteredResourceResponseListObligationsListObligationsRequestListObligationsResponse

        GetRegisteredResourceGetRegisteredResourceRequestGetRegisteredResourceResponseGetObligationGetObligationRequestGetObligationResponse

        ListRegisteredResourcesListRegisteredResourcesRequestListRegisteredResourcesResponseGetObligationsByFQNsGetObligationsByFQNsRequestGetObligationsByFQNsResponse

        UpdateRegisteredResourceUpdateRegisteredResourceRequestUpdateRegisteredResourceResponseCreateObligationCreateObligationRequestCreateObligationResponse

        UpdateObligationUpdateObligationRequestUpdateObligationResponse

        DeleteObligationDeleteObligationRequestDeleteObligationResponse

        GetObligationValueGetObligationValueRequestGetObligationValueResponse

        GetObligationValuesByFQNsGetObligationValuesByFQNsRequestGetObligationValuesByFQNsResponse

        CreateObligationValueCreateObligationValueRequestCreateObligationValueResponse

        UpdateObligationValueUpdateObligationValueRequestUpdateObligationValueResponse

        DeleteObligationValueDeleteObligationValueRequestDeleteObligationValueResponse

        GetObligationTriggerGetObligationTriggerRequestGetObligationTriggerResponse

        AddObligationTriggerAddObligationTriggerRequestAddObligationTriggerResponse

        RemoveObligationTriggerRemoveObligationTriggerRequestRemoveObligationTriggerResponse

        ListObligationTriggersListObligationTriggersRequestListObligationTriggersResponse

        + + + + +

        Methods with idempotency_level option

        + + + + + + + + + - - - - + + - - - - + + - - - - + + - - - - + + - - - - + + - - - - + + - - - - + + - -
        Method NameOption
        DeleteRegisteredResourceDeleteRegisteredResourceRequestDeleteRegisteredResourceResponse

        		ListObligations

        NO_SIDE_EFFECTS
        CreateRegisteredResourceValueCreateRegisteredResourceValueRequestCreateRegisteredResourceValueResponse

        		GetObligation

        NO_SIDE_EFFECTS
        GetRegisteredResourceValueGetRegisteredResourceValueRequestGetRegisteredResourceValueResponse

        		GetObligationsByFQNs

        NO_SIDE_EFFECTS
        GetRegisteredResourceValuesByFQNsGetRegisteredResourceValuesByFQNsRequestGetRegisteredResourceValuesByFQNsResponse

        		GetObligationValue

        NO_SIDE_EFFECTS
        ListRegisteredResourceValuesListRegisteredResourceValuesRequestListRegisteredResourceValuesResponse

        		GetObligationValuesByFQNs

        NO_SIDE_EFFECTS
        UpdateRegisteredResourceValueUpdateRegisteredResourceValueRequestUpdateRegisteredResourceValueResponse

        		GetObligationTrigger

        NO_SIDE_EFFECTS
        DeleteRegisteredResourceValueDeleteRegisteredResourceValueRequestDeleteRegisteredResourceValueResponse

        		ListObligationTriggers

        NO_SIDE_EFFECTS
        - + + +
        -

        policy/resourcemapping/resource_mapping.proto

        Top +

        policy/registeredresources/registered_resources.proto

        Top

        -

        CreateResourceMappingGroupRequest

        +

        ActionAttributeValue

        @@ -15241,12 +16040,50 @@

        CreateResource - namespace_id + action_id string -

        Required

        +

        + + + + action_name + string + +

        + + + + attribute_value_id + string + +

        + + + + attribute_value_fqn + string + +

        + + + + + + + +

        CreateRegisteredResourceRequest

        +

        + + + + + + + + @@ -15254,11 +16091,35 @@

        CreateResource

        + + + + + + + + + + + + + + + + + + + + + - + @@ -15268,7 +16129,7 @@

        CreateResource -

        CreateResourceMappingGroupResponse

        +

        CreateRegisteredResourceResponse

        @@ -15279,8 +16140,8 @@

        CreateResourc

        - - + + @@ -15292,7 +16153,7 @@

        CreateResourc -

        CreateResourceMappingRequest

        +

        CreateRegisteredResourceValueRequest

        @@ -15303,31 +16164,34 @@

        CreateResourceMappi

        - + - + - + - - - - + + + + - + @@ -15337,7 +16201,7 @@

        CreateResourceMappi -

        CreateResourceMappingResponse

        +

        CreateRegisteredResourceValueResponse

        @@ -15348,8 +16212,8 @@

        CreateResourceMapp

        - - + + @@ -15361,7 +16225,7 @@

        CreateResourceMapp -

        DeleteResourceMappingGroupRequest

        +

        DeleteRegisteredResourceRequest

        @@ -15385,7 +16249,7 @@

        DeleteResource -

        DeleteResourceMappingGroupResponse

        +

        DeleteRegisteredResourceResponse

        @@ -15396,8 +16260,8 @@

        DeleteResourc

        - - + + @@ -15409,7 +16273,7 @@

        DeleteResourc -

        DeleteResourceMappingRequest

        +

        DeleteRegisteredResourceValueRequest

        @@ -15433,7 +16297,7 @@

        DeleteResourceMappi -

        DeleteResourceMappingResponse

        +

        DeleteRegisteredResourceValueResponse

        @@ -15444,8 +16308,8 @@

        DeleteResourceMapp

        - - + + @@ -15457,7 +16321,7 @@

        DeleteResourceMapp -

        GetResourceMappingGroupRequest

        +

        GetRegisteredResourceRequest

        @@ -15471,7 +16335,28 @@

        GetResourceMappin

        - + + + + + + + + + + + + + + + + + + + + + + @@ -15481,7 +16366,7 @@

        GetResourceMappin -

        GetResourceMappingGroupResponse

        +

        GetRegisteredResourceResponse

        @@ -15492,8 +16377,8 @@

        GetResourceMappi

        - - + + @@ -15505,7 +16390,7 @@

        GetResourceMappi -

        GetResourceMappingRequest

        +

        GetRegisteredResourceValueRequest

        @@ -15519,7 +16404,14 @@

        GetResourceMappingRequ

        - + + + + + + + + @@ -15529,7 +16421,7 @@

        GetResourceMappingRequ -

        GetResourceMappingResponse

        +

        GetRegisteredResourceValueResponse

        @@ -15540,8 +16432,8 @@

        GetResourceMappingRes

        - - + + @@ -15553,7 +16445,7 @@

        GetResourceMappingRes -

        ListResourceMappingGroupsRequest

        +

        GetRegisteredResourceValuesByFQNsRequest

        @@ -15564,17 +16456,10 @@

        ListResourceMap

        - + - - - - - - - - - + + @@ -15584,7 +16469,7 @@

        ListResourceMap -

        ListResourceMappingGroupsResponse

        +

        GetRegisteredResourceValuesByFQNsResponse

        @@ -15595,19 +16480,12 @@

        ListResourceMa

        - - + + - - - - - - -
        FieldTypeLabelDescription
        name string

        Required

        valuesstringrepeated

        Optional +Registered Resource Values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. +The stored value will be normalized to lower case.

        namespace_idstring

        namespace_fqnstring

        metadata common.MetadataMutable

        Common metadata

        Optional +Common metadata

        resource_mapping_grouppolicy.ResourceMappingGroupresourcepolicy.RegisteredResource

        attribute_value_idresource_id string

        Required

        termsvalue stringrepeated

        Required

        group_idstring

        Optional

        		action_attribute_valuesActionAttributeValuerepeated

        Optional +The associated Action <> AttributeValue combinations to be utilized in authorization/entitlement decisioning +(i.e. action read -> attribute value https://example.com/attr/department/value/marketing)

        metadata common.MetadataMutable

        Optional

        Optional +Common metadata

        resource_mappingpolicy.ResourceMappingvaluepolicy.RegisteredResourceValue

        resource_mapping_grouppolicy.ResourceMappingGroupresourcepolicy.RegisteredResource

        resource_mappingpolicy.ResourceMappingvaluepolicy.RegisteredResourceValue

        id string

        Required

        namestring

        namespace_fqnstring

        namespace_idstring
        resource_mapping_grouppolicy.ResourceMappingGroupresourcepolicy.RegisteredResource

        id string

        Required

        fqnstring
        resource_mappingpolicy.ResourceMappingvaluepolicy.RegisteredResourceValue

        namespace_idfqns string

        Optional

        paginationpolicy.PageRequest

        Optional

        		repeated

        Required

        resource_mapping_groupspolicy.ResourceMappingGroupfqn_value_mapGetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry repeated

        paginationpolicy.PageResponse
        @@ -15615,7 +16493,7 @@

        ListResourceMa -

        ListResourceMappingsByGroupFqnsRequest

        +

        GetRegisteredResourceValuesByFQNsResponse.FqnValueMapEntry

        @@ -15626,11 +16504,17 @@

        ListResou - fqns - string - repeated -

        Required -Structure of the RM Group FQN is 'https://<namespace>/resm/<group name>'

        + key + string + +

        + + + + value + policy.RegisteredResourceValue + +

        @@ -15640,7 +16524,7 @@

        ListResou -

        ListResourceMappingsByGroupFqnsResponse

        +

        ListRegisteredResourceValuesRequest

        @@ -15651,10 +16535,17 @@

        ListReso - fqn_resource_mapping_groups - ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry - repeated -

        + resource_id + string + +

        Optional

        + + + + pagination + policy.PageRequest + +

        Optional

        @@ -15664,7 +16555,7 @@

        ListReso -

        ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry

        +

        ListRegisteredResourceValuesResponse

        @@ -15675,15 +16566,15 @@

        string - + values + policy.RegisteredResourceValue + repeated

        - value - ResourceMappingsByGroup + pagination + policy.PageResponse

        @@ -15695,7 +16586,7 @@

        ListResourceMappingsRequest

        +

        ListRegisteredResourcesRequest

        @@ -15706,10 +16597,17 @@

        ListResourceMappings - group_id + namespace_id string -

        Optional

        +

        + + + + namespace_fqn + string + +

        @@ -15719,6 +16617,17 @@

        ListResourceMappings

        Optional

        + + sort + RegisteredResourcesSort + repeated +

        Optional - CONSTRAINT: max 1 item +Sort defaults: + - direction UNSPECIFIED defaults to DESC for the specified field + - field UNSPECIFIED defaults to created_at with the specified direction + - both UNSPECIFIED or sort omitted defaults to created_at DESC

        + + @@ -15726,7 +16635,7 @@

        ListResourceMappings -

        ListResourceMappingsResponse

        +

        ListRegisteredResourcesResponse

        @@ -15737,8 +16646,8 @@

        ListResourceMapping - resource_mappings - policy.ResourceMapping + resources + policy.RegisteredResource repeated

        @@ -15757,7 +16666,7 @@

        ListResourceMapping -

        ResourceMappingsByGroup

        +

        RegisteredResourcesSort

        @@ -15768,16 +16677,16 @@

        ResourceMappingsByGroup< - group - policy.ResourceMappingGroup + field + SortRegisteredResourcesType

        - mappings - policy.ResourceMapping - repeated + direction + policy.SortDirection +

        @@ -15788,7 +16697,7 @@

        ResourceMappingsByGroup< -

        UpdateResourceMappingGroupRequest

        +

        UpdateRegisteredResourceRequest

        @@ -15805,13 +16714,6 @@

        UpdateResource

        Required

        - - namespace_id - string - -

        Optional

        - - name string @@ -15823,7 +16725,8 @@

        UpdateResource metadata common.MetadataMutable -

        Common metadata

        +

        Optional +Common metadata

        @@ -15840,7 +16743,7 @@

        UpdateResource -

        UpdateResourceMappingGroupResponse

        +

        UpdateRegisteredResourceResponse

        @@ -15851,8 +16754,8 @@

        UpdateResourc - resource_mapping_group - policy.ResourceMappingGroup + resource + policy.RegisteredResource

        @@ -15864,7 +16767,7 @@

        UpdateResourc -

        UpdateResourceMappingRequest

        +

        UpdateRegisteredResourceValueRequest

        @@ -15882,24 +16785,18 @@

        UpdateResourceMappi - attribute_value_id + value string

        Optional

        - terms - string + action_attribute_values + ActionAttributeValue repeated -

        Optional

        - - - - group_id - string - -

        Optional

        +

        Optional +Action Attribute Values provided here will replace all existing records in the database. To delete all action attribute values, set this field to an empty list.

        @@ -15907,7 +16804,7 @@

        UpdateResourceMappi common.MetadataMutable

        Optional -Common Metadata

        +Common metadata

        @@ -15924,7 +16821,7 @@

        UpdateResourceMappi -

        UpdateResourceMappingResponse

        +

        UpdateRegisteredResourceValueResponse

        @@ -15935,8 +16832,8 @@

        UpdateResourceMapp - resource_mapping - policy.ResourceMapping + value + policy.RegisteredResourceValue

        @@ -15950,149 +16847,143 @@

        UpdateResourceMapp - - - - -

        ResourceMappingService

        -

        Resource Mapping Groups

        +

        SortRegisteredResourcesType

        +

        - + - - - + + - - - + + - - - + + - - - + + - - - - - - + +
        Method NameRequest TypeResponse TypeDescription
        NameNumberDescription
        ListResourceMappingGroupsListResourceMappingGroupsRequestListResourceMappingGroupsResponseSORT_REGISTERED_RESOURCES_TYPE_UNSPECIFIED0

        GetResourceMappingGroupGetResourceMappingGroupRequestGetResourceMappingGroupResponseSORT_REGISTERED_RESOURCES_TYPE_NAME1

        CreateResourceMappingGroupCreateResourceMappingGroupRequestCreateResourceMappingGroupResponseSORT_REGISTERED_RESOURCES_TYPE_CREATED_AT2

        UpdateResourceMappingGroupUpdateResourceMappingGroupRequestUpdateResourceMappingGroupResponseSORT_REGISTERED_RESOURCES_TYPE_UPDATED_AT3

        DeleteResourceMappingGroupDeleteResourceMappingGroupRequestDeleteResourceMappingGroupResponse

        + + + + + +

        RegisteredResourcesService

        +

        Registered Resources

        + + + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - -
        Method NameRequest TypeResponse TypeDescription
        ListResourceMappingsListResourceMappingsRequestListResourceMappingsResponseCreateRegisteredResourceCreateRegisteredResourceRequestCreateRegisteredResourceResponse

        ListResourceMappingsByGroupFqnsListResourceMappingsByGroupFqnsRequestListResourceMappingsByGroupFqnsResponseGetRegisteredResourceGetRegisteredResourceRequestGetRegisteredResourceResponse

        GetResourceMappingGetResourceMappingRequestGetResourceMappingResponseListRegisteredResourcesListRegisteredResourcesRequestListRegisteredResourcesResponse

        CreateResourceMappingCreateResourceMappingRequestCreateResourceMappingResponseUpdateRegisteredResourceUpdateRegisteredResourceRequestUpdateRegisteredResourceResponse

        UpdateResourceMappingUpdateResourceMappingRequestUpdateResourceMappingResponseDeleteRegisteredResourceDeleteRegisteredResourceRequestDeleteRegisteredResourceResponse

        DeleteResourceMappingDeleteResourceMappingRequestDeleteResourceMappingResponseCreateRegisteredResourceValueCreateRegisteredResourceValueRequestCreateRegisteredResourceValueResponse

        - - - - -

        Methods with idempotency_level option

        - - - - - - - - - - - + + + + - - + + + + - - + + + + - - + + + + - - + + + + - -
        Method NameOption
        ListResourceMappingGroups

        NO_SIDE_EFFECTS

        		GetRegisteredResourceValueGetRegisteredResourceValueRequestGetRegisteredResourceValueResponse
        GetResourceMappingGroup

        NO_SIDE_EFFECTS

        		GetRegisteredResourceValuesByFQNsGetRegisteredResourceValuesByFQNsRequestGetRegisteredResourceValuesByFQNsResponse
        ListResourceMappings

        NO_SIDE_EFFECTS

        		ListRegisteredResourceValuesListRegisteredResourceValuesRequestListRegisteredResourceValuesResponse
        ListResourceMappingsByGroupFqns

        NO_SIDE_EFFECTS

        		UpdateRegisteredResourceValueUpdateRegisteredResourceValueRequestUpdateRegisteredResourceValueResponse
        GetResourceMapping

        NO_SIDE_EFFECTS

        		DeleteRegisteredResourceValueDeleteRegisteredResourceValueRequestDeleteRegisteredResourceValueResponse
        - + + +
        -

        policy/subjectmapping/subject_mapping.proto

        Top +

        policy/resourcemapping/resource_mapping.proto

        Top

        -

        CreateSubjectConditionSetRequest

        +

        CreateResourceMappingGroupRequest

        @@ -16103,24 +16994,24 @@

        CreateSubjectCon - subject_condition_set - SubjectConditionSetCreate + namespace_id + string -

        +

        Required

        - namespace_id + name string -

        +

        Required

        - namespace_fqn - string + metadata + common.MetadataMutable -

        +

        Common metadata

        @@ -16130,7 +17021,7 @@

        CreateSubjectCon -

        CreateSubjectConditionSetResponse

        +

        CreateResourceMappingGroupResponse

        @@ -16141,8 +17032,8 @@

        CreateSubjectCo - subject_condition_set - policy.SubjectConditionSet + resource_mapping_group + policy.ResourceMappingGroup

        @@ -16154,7 +17045,7 @@

        CreateSubjectCo -

        CreateSubjectMappingRequest

        +

        CreateResourceMappingRequest

        @@ -16168,46 +17059,21 @@

        CreateSubjectMappingR attribute_value_id string -

        Required -Attribute Value to be mapped to

        - - - - actions - policy.Action - repeated -

        Required -The actions permitted by subjects in this mapping

        - - - - existing_subject_condition_set_id - string - -

        Either of the following: -Reuse existing SubjectConditionSet (NOTE: prioritized over new_subject_condition_set)

        - - - - new_subject_condition_set - SubjectConditionSetCreate - -

        Create new SubjectConditionSet (NOTE: ignored if existing_subject_condition_set_id is provided)

        +

        Required

        - namespace_id + terms string - -

        Optional -Namespace ID or FQN for the subject mapping

        + repeated +

        Required

        - namespace_fqn + group_id string -

        +

        Optional

        @@ -16224,7 +17090,7 @@

        CreateSubjectMappingR -

        CreateSubjectMappingResponse

        +

        CreateResourceMappingResponse

        @@ -16235,8 +17101,8 @@

        CreateSubjectMapping - subject_mapping - policy.SubjectMapping + resource_mapping + policy.ResourceMapping

        @@ -16248,38 +17114,7 @@

        CreateSubjectMapping -

        DeleteAllUnmappedSubjectConditionSetsRequest

        -

        Prune any Subject Condition Sets not utilized within a Subject Mapping

        - - - - - -

        DeleteAllUnmappedSubjectConditionSetsResponse

        -

        - - - - - - - - - - - - - - - - -
        FieldTypeLabelDescription
        subject_condition_setspolicy.SubjectConditionSetrepeated

        Only IDs of any deleted Subject Condition Set provided

        - - - - - -

        DeleteSubjectConditionSetRequest

        +

        DeleteResourceMappingGroupRequest

        @@ -16303,7 +17138,7 @@

        DeleteSubjectCon -

        DeleteSubjectConditionSetResponse

        +

        DeleteResourceMappingGroupResponse

        @@ -16314,10 +17149,10 @@

        DeleteSubjectCo - subject_condition_set - policy.SubjectConditionSet + resource_mapping_group + policy.ResourceMappingGroup -

        Only ID of deleted Subject Condition Set provided

        +

        @@ -16327,7 +17162,7 @@

        DeleteSubjectCo -

        DeleteSubjectMappingRequest

        +

        DeleteResourceMappingRequest

        @@ -16351,7 +17186,7 @@

        DeleteSubjectMappingR -

        DeleteSubjectMappingResponse

        +

        DeleteResourceMappingResponse

        @@ -16362,10 +17197,10 @@

        DeleteSubjectMapping - subject_mapping - policy.SubjectMapping + resource_mapping + policy.ResourceMapping -

        Only ID of the updated Subject Mapping provided

        +

        @@ -16375,7 +17210,7 @@

        DeleteSubjectMapping -

        GetSubjectConditionSetRequest

        +

        GetResourceMappingGroupRequest

        @@ -16399,7 +17234,7 @@

        GetSubjectCondition -

        GetSubjectConditionSetResponse

        +

        GetResourceMappingGroupResponse

        @@ -16410,19 +17245,12 @@

        GetSubjectConditio - subject_condition_set - policy.SubjectConditionSet + resource_mapping_group + policy.ResourceMappingGroup

        - - associated_subject_mappings - policy.SubjectMapping - repeated -

        contextualized Subject Mappings associated with this SubjectConditionSet

        - - @@ -16430,7 +17258,7 @@

        GetSubjectConditio -

        GetSubjectMappingRequest

        +

        GetResourceMappingRequest

        @@ -16454,7 +17282,7 @@

        GetSubjectMappingRequest -

        GetSubjectMappingResponse

        +

        GetResourceMappingResponse

        @@ -16465,8 +17293,8 @@

        GetSubjectMappingRespon - subject_mapping - policy.SubjectMapping + resource_mapping + policy.ResourceMapping

        @@ -16478,7 +17306,7 @@

        GetSubjectMappingRespon -

        ListSubjectConditionSetsRequest

        +

        ListResourceMappingGroupsRequest

        @@ -16492,14 +17320,7 @@

        ListSubjectCondit namespace_id string -

        - - - - namespace_fqn - string - -

        +

        Optional

        @@ -16509,17 +17330,6 @@

        ListSubjectCondit

        Optional

        - - sort - SubjectConditionSetsSort - repeated -

        Optional - CONSTRAINT: max 1 item -Sort defaults: - - direction UNSPECIFIED defaults to DESC for the specified field - - field UNSPECIFIED defaults to created_at with the specified direction - - both UNSPECIFIED or sort omitted defaults to created_at DESC

        - - @@ -16527,7 +17337,7 @@

        ListSubjectCondit -

        ListSubjectConditionSetsResponse

        +

        ListResourceMappingGroupsResponse

        @@ -16538,8 +17348,8 @@

        ListSubjectCondi - subject_condition_sets - policy.SubjectConditionSet + resource_mapping_groups + policy.ResourceMappingGroup repeated

        @@ -16558,7 +17368,7 @@

        ListSubjectCondi -

        ListSubjectMappingsRequest

        +

        ListResourceMappingsByGroupFqnsRequest

        @@ -16569,35 +17379,11 @@

        ListSubjectMappingsReq - namespace_id - string - -

        - - - - namespace_fqn + fqns string - -

        - - - - pagination - policy.PageRequest - -

        Optional

        - - - - sort - SubjectMappingsSort repeated -

        Optional - CONSTRAINT: max 1 item -Sort defaults: - - direction UNSPECIFIED defaults to DESC for the specified field - - field UNSPECIFIED defaults to created_at with the specified direction - - both UNSPECIFIED or sort omitted defaults to created_at DESC

        +

        Required +Structure of the RM Group FQN is 'https://<namespace>/resm/<group name>'

        @@ -16607,7 +17393,7 @@

        ListSubjectMappingsReq -

        ListSubjectMappingsResponse

        +

        ListResourceMappingsByGroupFqnsResponse

        @@ -16618,19 +17404,12 @@

        ListSubjectMappingsRe - subject_mappings - policy.SubjectMapping + fqn_resource_mapping_groups + ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry repeated

        - - pagination - policy.PageResponse - -

        - - @@ -16638,8 +17417,8 @@

        ListSubjectMappingsRe -

        MatchSubjectMappingsRequest

        -

        MatchSubjectMappingsRequest liberally returns a list of SubjectMappings based on the provided SubjectProperties.

        The SubjectMappings are returned if an external selector field matches.

        +

        ListResourceMappingsByGroupFqnsResponse.FqnResourceMappingGroupsEntry

        +

        @@ -16649,33 +17428,16 @@

        MatchSubjectMappingsR

        - - - - - - - -
        subject_propertiespolicy.SubjectPropertyrepeated

        - - - - - -

        MatchSubjectMappingsResponse

        -

        - - - - - - - + + + + + - - - + + + @@ -16686,7 +17448,7 @@

        MatchSubjectMappings -

        SubjectConditionSetCreate

        +

        ListResourceMappingsRequest

        @@ -16697,18 +17459,17 @@

        SubjectConditionSetCrea

        - - - - + + + + - - + + - + @@ -16718,7 +17479,7 @@

        SubjectConditionSetCrea -

        SubjectConditionSetsSort

        +

        ListResourceMappingsResponse

        @@ -16729,15 +17490,15 @@

        SubjectConditionSetsSort

        - - - + + + - - + + @@ -16749,7 +17510,7 @@

        SubjectConditionSetsSort -

        SubjectMappingsSort

        +

        ResourceMappingsByGroup

        @@ -16760,16 +17521,16 @@

        SubjectMappingsSort

        - - + + - - - + + + @@ -16780,7 +17541,7 @@

        SubjectMappingsSort

        -

        UpdateSubjectConditionSetRequest

        +

        UpdateResourceMappingGroupRequest

        @@ -16798,11 +17559,17 @@

        UpdateSubjectCon

        - - - - + + + + + + + + + + + @@ -16826,7 +17593,7 @@

        UpdateSubjectCon -

        UpdateSubjectConditionSetResponse

        +

        UpdateResourceMappingGroupResponse

        @@ -16837,10 +17604,10 @@

        UpdateSubjectCo

        - - + + - + @@ -16850,7 +17617,7 @@

        UpdateSubjectCo -

        UpdateSubjectMappingRequest

        +

        UpdateResourceMappingRequest

        @@ -16868,26 +17635,32 @@

        UpdateSubjectMappingR

        - + - + - - + + - + + + + + + + + - + @@ -16904,7 +17677,7 @@

        UpdateSubjectMappingR -

        UpdateSubjectMappingResponse

        +

        UpdateResourceMappingResponse

        @@ -16915,10 +17688,10 @@

        UpdateSubjectMapping

        - - + + - + @@ -16930,70 +17703,12 @@

        UpdateSubjectMapping -

        SortSubjectConditionSetsType

        -

        -
        FieldTypeLabelDescription
        keystring

        subject_mappingspolicy.SubjectMappingrepeatedvalueResourceMappingsByGroup

        subject_setspolicy.SubjectSetrepeated

        Required

        		group_idstring

        Optional

        metadatacommon.MetadataMutablepaginationpolicy.PageRequest

        Optional -Common metadata

        Optional

        fieldSortSubjectConditionSetsTyperesource_mappingspolicy.ResourceMappingrepeated

        directionpolicy.SortDirectionpaginationpolicy.PageResponse

        fieldSortSubjectMappingsTypegrouppolicy.ResourceMappingGroup

        directionpolicy.SortDirectionmappingspolicy.ResourceMappingrepeated

        subject_setspolicy.SubjectSetrepeated

        Optional -If provided, replaces entire existing structure of Subject Sets, Condition Groups, & Conditions

        		namespace_idstring

        Optional

        namestring

        Optional

        subject_condition_setpolicy.SubjectConditionSetresource_mapping_grouppolicy.ResourceMappingGroup

        Only ID of updated Subject Condition Set provided

        subject_condition_set_idattribute_value_id string

        Optional -Replaces the existing SubjectConditionSet id with a new one

        Optional

        actionspolicy.Actiontermsstring repeated

        Optional -Replaces entire list of actions permitted by subjects

        Optional

        group_idstring

        Optional

        metadata common.MetadataMutable

        Common metadata

        Optional +Common Metadata

        subject_mappingpolicy.SubjectMappingresource_mappingpolicy.ResourceMapping

        Only ID of the updated Subject Mapping provided

        - - - - - - - - - - - - - - - - - - - - - - - - -
        NameNumberDescription
        SORT_SUBJECT_CONDITION_SETS_TYPE_UNSPECIFIED0

        SORT_SUBJECT_CONDITION_SETS_TYPE_CREATED_AT1

        SORT_SUBJECT_CONDITION_SETS_TYPE_UPDATED_AT2

        - -

        SortSubjectMappingsType

        -

        - - - - - - - - - - - - - - - - - - - - - - - - - -
        NameNumberDescription
        SORT_SUBJECT_MAPPINGS_TYPE_UNSPECIFIED0

        SORT_SUBJECT_MAPPINGS_TYPE_CREATED_AT1

        SORT_SUBJECT_MAPPINGS_TYPE_UPDATED_AT2

        - -

        SubjectMappingService

        -

        +

        ResourceMappingService

        +

        Resource Mapping Groups

        @@ -17001,86 +17716,79 @@

        SubjectMappingService

        - - - - - - - - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + - - - + + + @@ -17101,22 +17809,27 @@

        Methods with idempotency_level option

        - + - + - + - + + + + + + diff --git a/docs/openapi/authorization/authorization.openapi.yaml b/docs/openapi/authorization/authorization.openapi.yaml index 1f3648bae8..bc3a5104e6 100644 --- a/docs/openapi/authorization/authorization.openapi.yaml +++ b/docs/openapi/authorization/authorization.openapi.yaml @@ -133,6 +133,7 @@ components: Example Request Get Decisions to answer the question - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + { "actions": [ { @@ -204,11 +205,13 @@ components: Example response for a Decision Request - Do Bob (represented by entity chain ec1) and Alice (represented by entity chain ec2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + Results: - bob has permitted authorization to transmit for a resource defined by attr-set-1 attributes and has a watermark obligation - bob has denied authorization to transmit a for a resource defined by attr-set-2 attributes - alice has permitted authorization to transmit for a resource defined by attr-set-1 attributes - alice has denied authorization to transmit a for a resource defined by attr-set-2 attributes + { "entityChainId": "ec1", "resourceAttributesId": "attr-set-1", @@ -420,7 +423,9 @@ components: additionalProperties: false description: |- Request to get entitlements for one or more entities for an optional attribute scope + Example: Get entitlements for bob and alice (both represented using an email address + { "entities": [ { @@ -451,6 +456,7 @@ components: additionalProperties: false description: |- Example Response for a request of : Get entitlements for bob and alice (both represented using an email address + { "entitlements": [ { @@ -522,6 +528,7 @@ components: Example Request Get Decisions by Token to answer the question - Do Bob and client1 (represented by token tok1) and Alice and client2 (represented by token tok2) have TRANSMIT authorization for 2 resources; resource1 (attr-set-1) defined by attributes foo:bar resource2 (attr-set-2) defined by attribute foo:bar, color:red ? + { "actions": [ { diff --git a/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml new file mode 100644 index 0000000000..fd0fb63dc6 --- /dev/null +++ b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml @@ -0,0 +1,1454 @@ +openapi: 3.1.0 +info: + title: policy.dynamicvaluemapping +paths: + /policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping: + post: + tags: + - policy.dynamicvaluemapping.DynamicValueMappingService + summary: CreateDynamicValueMapping + operationId: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.CreateDynamicValueMappingRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.CreateDynamicValueMappingResponse' + /policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping: + post: + tags: + - policy.dynamicvaluemapping.DynamicValueMappingService + summary: DeleteDynamicValueMapping + operationId: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse' + /policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping: + post: + tags: + - policy.dynamicvaluemapping.DynamicValueMappingService + summary: GetDynamicValueMapping + operationId: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.GetDynamicValueMappingRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.GetDynamicValueMappingResponse' + /policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings: + post: + tags: + - policy.dynamicvaluemapping.DynamicValueMappingService + summary: ListDynamicValueMappings + operationId: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.ListDynamicValueMappingsRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.ListDynamicValueMappingsResponse' + /policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping: + post: + tags: + - policy.dynamicvaluemapping.DynamicValueMappingService + summary: UpdateDynamicValueMapping + operationId: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse' +components: + schemas: + common.Metadata: + type: object + properties: + createdAt: + title: created_at + description: created_at set by server (entity who created will recorded in an audit event) + $ref: '#/components/schemas/google.protobuf.Timestamp' + updatedAt: + title: updated_at + description: updated_at set by server (entity who updated will recorded in an audit event) + $ref: '#/components/schemas/google.protobuf.Timestamp' + labels: + type: object + title: labels + additionalProperties: + type: string + title: value + description: optional short description + title: Metadata + additionalProperties: false + description: Struct to uniquely identify a resource with optional additional metadata + common.Metadata.LabelsEntry: + type: object + properties: + key: + type: string + title: key + value: + type: string + title: value + title: LabelsEntry + additionalProperties: false + common.MetadataMutable: + type: object + properties: + labels: + type: object + title: labels + additionalProperties: + type: string + title: value + description: optional labels + title: MetadataMutable + additionalProperties: false + common.MetadataMutable.LabelsEntry: + type: object + properties: + key: + type: string + title: key + value: + type: string + title: value + title: LabelsEntry + additionalProperties: false + common.MetadataUpdateEnum: + type: string + title: MetadataUpdateEnum + enum: + - METADATA_UPDATE_ENUM_UNSPECIFIED + - METADATA_UPDATE_ENUM_EXTEND + - METADATA_UPDATE_ENUM_REPLACE + connect-protocol-version: + type: number + title: Connect-Protocol-Version + enum: + - 1 + description: Define the version of the Connect protocol + const: 1 + connect-timeout-header: + type: number + title: Connect-Timeout-Ms + description: Define the timeout, in ms + connect.error: + type: object + properties: + code: + type: string + examples: + - not_found + enum: + - canceled + - unknown + - invalid_argument + - deadline_exceeded + - not_found + - already_exists + - permission_denied + - resource_exhausted + - failed_precondition + - aborted + - out_of_range + - unimplemented + - internal + - unavailable + - data_loss + - unauthenticated + description: The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code]. + message: + type: string + description: A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client. + details: + type: array + items: + $ref: '#/components/schemas/connect.error_details.Any' + description: A list of messages that carry the error details. There is no limit on the number of messages. + title: Connect Error + additionalProperties: true + description: 'Error type returned by Connect: https://connectrpc.com/docs/go/errors/#http-representation' + connect.error_details.Any: + type: object + properties: + type: + type: string + description: 'A URL that acts as a globally unique identifier for the type of the serialized message. For example: `type.googleapis.com/google.rpc.ErrorInfo`. This is used to determine the schema of the data in the `value` field and is the discriminator for the `debug` field.' + value: + type: string + format: binary + description: The Protobuf message, serialized as bytes and base64-encoded. The specific message type is identified by the `type` field. + debug: + oneOf: + - type: object + title: Any + additionalProperties: true + description: Detailed error information. + discriminator: + propertyName: type + title: Debug + description: Deserialized error detail payload. The 'type' field indicates the schema. This field is for easier debugging and should not be relied upon for application logic. + additionalProperties: true + description: Contains an arbitrary serialized message along with a @type that describes the type of the serialized message, with an additional debug field for ConnectRPC error details. + google.protobuf.BoolValue: + type: boolean + description: |- + Wrapper message for `bool`. + + The JSON representation for `BoolValue` is JSON `true` and `false`. + + Not recommended for use in new APIs, but still useful for legacy APIs and + has no plan to be removed. + google.protobuf.Timestamp: + type: string + examples: + - "2023-01-15T01:30:15.01Z" + - "2024-12-25T12:00:00Z" + format: date-time + description: |- + A Timestamp represents a point in time independent of any time zone or local + calendar, encoded as a count of seconds and fractions of seconds at + nanosecond resolution. The count is relative to an epoch at UTC midnight on + January 1, 1970, in the proleptic Gregorian calendar which extends the + Gregorian calendar backwards to year one. + + All minutes are 60 seconds long. Leap seconds are "smeared" so that no leap + second table is needed for interpretation, using a [24-hour linear + smear](https://developers.google.com/time/smear). + + The range is from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z. By + restricting to that range, we ensure that we can convert to and from [RFC + 3339](https://www.ietf.org/rfc/rfc3339.txt) date strings. + + # Examples + + Example 1: Compute Timestamp from POSIX `time()`. + + Timestamp timestamp; + timestamp.set_seconds(time(NULL)); + timestamp.set_nanos(0); + + Example 2: Compute Timestamp from POSIX `gettimeofday()`. + + struct timeval tv; + gettimeofday(&tv, NULL); + + Timestamp timestamp; + timestamp.set_seconds(tv.tv_sec); + timestamp.set_nanos(tv.tv_usec * 1000); + + Example 3: Compute Timestamp from Win32 `GetSystemTimeAsFileTime()`. + + FILETIME ft; + GetSystemTimeAsFileTime(&ft); + UINT64 ticks = (((UINT64)ft.dwHighDateTime) << 32) | ft.dwLowDateTime; + + // A Windows tick is 100 nanoseconds. Windows epoch 1601-01-01T00:00:00Z + // is 11644473600 seconds before Unix epoch 1970-01-01T00:00:00Z. + Timestamp timestamp; + timestamp.set_seconds((INT64) ((ticks / 10000000) - 11644473600LL)); + timestamp.set_nanos((INT32) ((ticks % 10000000) * 100)); + + Example 4: Compute Timestamp from Java `System.currentTimeMillis()`. + + long millis = System.currentTimeMillis(); + + Timestamp timestamp = Timestamp.newBuilder().setSeconds(millis / 1000) + .setNanos((int) ((millis % 1000) * 1000000)).build(); + + Example 5: Compute Timestamp from Java `Instant.now()`. + + Instant now = Instant.now(); + + Timestamp timestamp = + Timestamp.newBuilder().setSeconds(now.getEpochSecond()) + .setNanos(now.getNano()).build(); + + Example 6: Compute Timestamp from current time in Python. + + timestamp = Timestamp() + timestamp.GetCurrentTime() + + # JSON Mapping + + In JSON format, the Timestamp type is encoded as a string in the + [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format. That is, the + format is "{year}-{month}-{day}T{hour}:{min}:{sec}[.{frac_sec}]Z" + where {year} is always expressed using four digits while {month}, {day}, + {hour}, {min}, and {sec} are zero-padded to two digits each. The fractional + seconds, which can go up to 9 digits (i.e. up to 1 nanosecond resolution), + are optional. The "Z" suffix indicates the timezone ("UTC"); the timezone + is required. A proto3 JSON serializer should always use UTC (as indicated by + "Z") when printing the Timestamp type and a proto3 JSON parser should be + able to accept both UTC and other timezones (as indicated by an offset). + + For example, "2017-01-15T01:30:15.01Z" encodes 15.01 seconds past + 01:30 UTC on January 15, 2017. + + In JavaScript, one can convert a Date object to this format using the + standard + [toISOString()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/toISOString) + method. In Python, a standard `datetime.datetime` object can be converted + to this format using + [`strftime`](https://docs.python.org/2/library/time.html#time.strftime) with + the time format spec '%Y-%m-%dT%H:%M:%S.%fZ'. Likewise, in Java, one can use + the Joda Time's [`ISODateTimeFormat.dateTime()`]( + http://joda-time.sourceforge.net/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateTime() + ) to obtain a formatter capable of generating timestamps in this format. + policy.Action: + type: object + allOf: + - properties: + id: + type: string + title: id + description: Generated uuid in database + name: + type: string + title: name + namespace: + title: namespace + description: Namespace context for this action + $ref: '#/components/schemas/policy.Namespace' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + - oneOf: + - type: object + properties: + custom: + type: string + title: custom + description: Deprecated + title: custom + required: + - custom + - type: object + properties: + standard: + title: standard + description: Deprecated + $ref: '#/components/schemas/policy.Action.StandardAction' + title: standard + required: + - standard + title: Action + additionalProperties: false + description: An action an entity can take + policy.Action.StandardAction: + type: string + title: StandardAction + enum: + - STANDARD_ACTION_UNSPECIFIED + - STANDARD_ACTION_DECRYPT + - STANDARD_ACTION_TRANSMIT + policy.Algorithm: + type: string + title: Algorithm + enum: + - ALGORITHM_UNSPECIFIED + - ALGORITHM_RSA_2048 + - ALGORITHM_RSA_4096 + - ALGORITHM_EC_P256 + - ALGORITHM_EC_P384 + - ALGORITHM_EC_P521 + - ALGORITHM_HPQT_XWING + - ALGORITHM_HPQT_SECP256R1_MLKEM768 + - ALGORITHM_HPQT_SECP384R1_MLKEM1024 + description: Supported key algorithms. + policy.Attribute: + type: object + properties: + id: + type: string + title: id + namespace: + title: namespace + description: namespace of the attribute + $ref: '#/components/schemas/policy.Namespace' + name: + type: string + title: name + description: attribute name + rule: + title: rule + description: attribute rule enum + $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' + values: + type: array + items: + $ref: '#/components/schemas/policy.Value' + title: values + grants: + type: array + items: + $ref: '#/components/schemas/policy.KeyAccessServer' + title: grants + description: Deprecated KAS grants for the attribute. Use kas_keys instead. + fqn: + type: string + title: fqn + active: + title: active + description: active by default until explicitly deactivated + $ref: '#/components/schemas/google.protobuf.BoolValue' + kasKeys: + type: array + items: + $ref: '#/components/schemas/policy.SimpleKasKey' + title: kas_keys + description: Keys associated with the attribute + allowTraversal: + title: allow_traversal + description: |- + Whether or not we will use the attribute definition during encryption + if the attribute value is missing. + $ref: '#/components/schemas/google.protobuf.BoolValue' + metadata: + title: metadata + description: Common metadata + $ref: '#/components/schemas/common.Metadata' + title: Attribute + required: + - rule + additionalProperties: false + policy.AttributeRuleTypeEnum: + type: string + title: AttributeRuleTypeEnum + enum: + - ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED + - ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF + - ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF + - ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY + policy.Condition: + type: object + properties: + subjectExternalSelectorValue: + type: string + title: subject_external_selector_value + description: |- + a selector for a field value on a flattened Entity Representation (such as + from idP/LDAP) + operator: + title: operator + description: the evaluation operator of relation + $ref: '#/components/schemas/policy.SubjectMappingOperatorEnum' + subjectExternalValues: + type: array + items: + type: string + title: subject_external_values + minItems: 1 + description: |- + list of comparison values for the result of applying the + subject_external_selector_value on a flattened Entity Representation + (Subject), evaluated by the operator + title: Condition + required: + - subjectExternalSelectorValue + - operator + additionalProperties: false + description: |- + * + A Condition defines a rule of + policy.ConditionBooleanTypeEnum: + type: string + title: ConditionBooleanTypeEnum + enum: + - CONDITION_BOOLEAN_TYPE_ENUM_UNSPECIFIED + - CONDITION_BOOLEAN_TYPE_ENUM_AND + - CONDITION_BOOLEAN_TYPE_ENUM_OR + policy.ConditionGroup: + type: object + properties: + conditions: + type: array + items: + $ref: '#/components/schemas/policy.Condition' + title: conditions + minItems: 1 + booleanOperator: + title: boolean_operator + description: the boolean evaluation type across the conditions + $ref: '#/components/schemas/policy.ConditionBooleanTypeEnum' + title: ConditionGroup + required: + - booleanOperator + additionalProperties: false + description: A collection of Conditions evaluated by the boolean_operator provided + policy.DynamicValueMapping: + type: object + properties: + id: + type: string + title: id + attributeDefinition: + title: attribute_definition + description: the Attribute Definition whose values are entitled dynamically + $ref: '#/components/schemas/policy.Attribute' + valueResolver: + title: value_resolver + description: the dynamic resolver matched against the requested resource value segment + $ref: '#/components/schemas/policy.DynamicValueResolver' + subjectConditionSet: + title: subject_condition_set + description: |- + optional static pre-gate on the entity, evaluated with normal SubjectConditionSet + semantics (no dynamic overload). When present, both the gate and the resolver must + pass for entitlement. + $ref: '#/components/schemas/policy.SubjectConditionSet' + actions: + type: array + items: + $ref: '#/components/schemas/policy.Action' + title: actions + description: the actions permitted by subjects in this mapping + namespace: + title: namespace + description: the namespace containing this mapping + $ref: '#/components/schemas/policy.Namespace' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: DynamicValueMapping + additionalProperties: false + description: |- + Dynamic Value Mapping: a Policy assigning permitted action(s) to + dynamically-requested values under an Attribute Definition. It raises entitlement + authority from a concrete Attribute Value to the Attribute Definition: at decision time + the value_resolver compares the requested resource value segment against the entity + representation, avoiding pre-provisioning a value + subject mapping per discrete value. + policy.DynamicValueOperatorEnum: + type: string + title: DynamicValueOperatorEnum + enum: + - DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED + - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN + - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS + description: |- + Operators for dynamic, definition-level value entitlement. Unlike + SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into + policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's + attribute value segment, supplied at decision time. Each value is the inversion of its + static SubjectMappingOperatorEnum counterpart. + policy.DynamicValueResolver: + type: object + properties: + subjectExternalSelectorValue: + type: string + title: subject_external_selector_value + description: |- + a selector for a field value on a flattened Entity Representation (such as from + idP/LDAP), e.g. ".patientAssignments[]" + operator: + title: operator + description: the dynamic operator comparing the selector result to the resource value segment + $ref: '#/components/schemas/policy.DynamicValueOperatorEnum' + title: DynamicValueResolver + required: + - subjectExternalSelectorValue + - operator + additionalProperties: false + description: |- + Definition Value Resolver: the dynamic half of a DynamicValueMapping. It + resolves a selector against the entity representation and compares the result to the + requested resource value segment using a DynamicValueOperatorEnum. + policy.KasPublicKey: + type: object + properties: + pem: + type: string + title: pem + maxLength: 8192 + minLength: 1 + description: x509 ASN.1 content in PEM envelope, usually + kid: + type: string + title: kid + maxLength: 32 + minLength: 1 + description: A unique string identifier for this key + alg: + not: + enum: + - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED + title: alg + description: |- + A known algorithm type with any additional parameters encoded. + To start, these may be `rsa:2048` for RSA-based wrapping and + `ec:secp256r1` for EC-based wrapping, but more formats may be added as needed. + $ref: '#/components/schemas/policy.KasPublicKeyAlgEnum' + title: KasPublicKey + additionalProperties: false + description: |- + Deprecated + A KAS public key and some associated metadata for further identifcation + policy.KasPublicKeyAlgEnum: + type: string + title: KasPublicKeyAlgEnum + enum: + - KAS_PUBLIC_KEY_ALG_ENUM_UNSPECIFIED + - KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048 + - KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096 + - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1 + - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1 + - KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_XWING + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP256R1_MLKEM768 + - KAS_PUBLIC_KEY_ALG_ENUM_HPQT_SECP384R1_MLKEM1024 + policy.KasPublicKeySet: + type: object + properties: + keys: + type: array + items: + $ref: '#/components/schemas/policy.KasPublicKey' + title: keys + title: KasPublicKeySet + additionalProperties: false + description: |- + Deprecated + A list of known KAS public keys + policy.KeyAccessServer: + type: object + properties: + id: + type: string + title: id + uri: + type: string + title: uri + description: | + Address of a KAS instance + uri_format // URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes. + publicKey: + title: public_key + description: 'Deprecated: KAS can have multiple key pairs' + $ref: '#/components/schemas/policy.PublicKey' + sourceType: + title: source_type + description: 'The source of the KAS: (INTERNAL, EXTERNAL)' + $ref: '#/components/schemas/policy.SourceType' + kasKeys: + type: array + items: + $ref: '#/components/schemas/policy.SimpleKasKey' + title: kas_keys + description: Kas keys associated with this KAS + name: + type: string + title: name + description: |- + Optional + Unique name of the KAS instance + metadata: + title: metadata + description: Common metadata + $ref: '#/components/schemas/common.Metadata' + title: KeyAccessServer + additionalProperties: false + description: Key Access Server Registry + policy.Namespace: + type: object + properties: + id: + type: string + title: id + description: generated uuid in database + name: + type: string + title: name + description: |- + used to partition Attribute Definitions, support by namespace AuthN and + enable federation + fqn: + type: string + title: fqn + active: + title: active + description: active by default until explicitly deactivated + $ref: '#/components/schemas/google.protobuf.BoolValue' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + grants: + type: array + items: + $ref: '#/components/schemas/policy.KeyAccessServer' + title: grants + description: Deprecated KAS grants for the namespace. Use kas_keys instead. + kasKeys: + type: array + items: + $ref: '#/components/schemas/policy.SimpleKasKey' + title: kas_keys + description: Keys for the namespace + title: Namespace + additionalProperties: false + policy.Obligation: + type: object + properties: + id: + type: string + title: id + namespace: + title: namespace + $ref: '#/components/schemas/policy.Namespace' + name: + type: string + title: name + values: + type: array + items: + $ref: '#/components/schemas/policy.ObligationValue' + title: values + fqn: + type: string + title: fqn + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: Obligation + additionalProperties: false + policy.ObligationTrigger: + type: object + properties: + id: + type: string + title: id + obligationValue: + title: obligation_value + $ref: '#/components/schemas/policy.ObligationValue' + action: + title: action + $ref: '#/components/schemas/policy.Action' + attributeValue: + title: attribute_value + $ref: '#/components/schemas/policy.Value' + context: + type: array + items: + $ref: '#/components/schemas/policy.RequestContext' + title: context + namespace: + title: namespace + description: The source namespace for this trigger, derived from the attribute value and action. + $ref: '#/components/schemas/policy.Namespace' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: ObligationTrigger + additionalProperties: false + policy.ObligationValue: + type: object + properties: + id: + type: string + title: id + obligation: + title: obligation + $ref: '#/components/schemas/policy.Obligation' + value: + type: string + title: value + triggers: + type: array + items: + $ref: '#/components/schemas/policy.ObligationTrigger' + title: triggers + fqn: + type: string + title: fqn + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: ObligationValue + additionalProperties: false + policy.PageRequest: + type: object + properties: + limit: + type: integer + title: limit + format: int32 + description: |- + Optional + Set to configured default limit if not provided + Maximum limit set in platform config and enforced by services + offset: + type: integer + title: offset + format: int32 + description: |- + Optional + Defaulted if not provided + title: PageRequest + additionalProperties: false + policy.PageResponse: + type: object + properties: + currentOffset: + type: integer + title: current_offset + format: int32 + description: Requested pagination offset + nextOffset: + type: integer + title: next_offset + format: int32 + description: |- + Calculated with request limit + offset or defaults + Empty when none remain after current page + total: + type: integer + title: total + format: int32 + description: Total count of entire list + title: PageResponse + additionalProperties: false + policy.PolicyEnforcementPoint: + type: object + properties: + clientId: + type: string + title: client_id + minLength: 1 + title: PolicyEnforcementPoint + additionalProperties: false + policy.PublicKey: + type: object + oneOf: + - type: object + properties: + cached: + title: cached + description: public key with additional information. Current preferred version + $ref: '#/components/schemas/policy.KasPublicKeySet' + title: cached + required: + - cached + - type: object + properties: + remote: + type: string + title: remote + description: | + kas public key url - optional since can also be retrieved via public key + uri_format // URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes. + title: remote + required: + - remote + title: PublicKey + additionalProperties: false + description: Deprecated + policy.RequestContext: + type: object + properties: + pep: + title: pep + $ref: '#/components/schemas/policy.PolicyEnforcementPoint' + title: RequestContext + required: + - pep + additionalProperties: false + description: Holds the context needed for obligation fulfillment + policy.ResourceMapping: + type: object + properties: + id: + type: string + title: id + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + attributeValue: + title: attribute_value + $ref: '#/components/schemas/policy.Value' + terms: + type: array + items: + type: string + title: terms + group: + title: group + $ref: '#/components/schemas/policy.ResourceMappingGroup' + title: ResourceMapping + required: + - attributeValue + additionalProperties: false + description: |- + Resource Mappings (aka Access Control Resource Encodings aka ACRE) are + structures supporting the mapping of Resources and Attribute Values + policy.ResourceMappingGroup: + type: object + properties: + id: + type: string + title: id + namespaceId: + type: string + title: namespace_id + description: the namespace containing the group of resource mappings + name: + type: string + title: name + description: |- + the common name for the group of resource mappings, which must be unique + per namespace + fqn: + type: string + title: fqn + description: the fully qualified name of the resource mapping group + metadata: + title: metadata + description: Common metadata + $ref: '#/components/schemas/common.Metadata' + title: ResourceMappingGroup + required: + - namespaceId + - name + additionalProperties: false + description: |- + Resource Mapping Groups are namespaced collections of Resource Mappings + associated under a common group name. + policy.SimpleKasKey: + type: object + properties: + kasUri: + type: string + title: kas_uri + description: The URL of the Key Access Server + publicKey: + title: public_key + description: The public key of the Key that belongs to the KAS + $ref: '#/components/schemas/policy.SimpleKasPublicKey' + kasId: + type: string + title: kas_id + description: The ID of the Key Access Server + title: SimpleKasKey + additionalProperties: false + policy.SimpleKasPublicKey: + type: object + properties: + algorithm: + title: algorithm + $ref: '#/components/schemas/policy.Algorithm' + kid: + type: string + title: kid + pem: + type: string + title: pem + title: SimpleKasPublicKey + additionalProperties: false + policy.SortDirection: + type: string + title: SortDirection + enum: + - SORT_DIRECTION_UNSPECIFIED + - SORT_DIRECTION_ASC + - SORT_DIRECTION_DESC + description: |- + Sorting direction shared across list APIs. + When the 'sort' field is omitted or the chosen sort 'field' is UNSPECIFIED, + the endpoint's request message defines the default ordering; see the + specific List* request docs. + policy.SourceType: + type: string + title: SourceType + enum: + - SOURCE_TYPE_UNSPECIFIED + - SOURCE_TYPE_INTERNAL + - SOURCE_TYPE_EXTERNAL + description: |- + Describes whether this kas is managed by the organization or if they imported + the kas information from an external party. These two modes are necessary in order + to encrypt a tdf dek with an external parties kas public key. + policy.SubjectConditionSet: + type: object + properties: + id: + type: string + title: id + namespace: + title: namespace + description: |- + the namespace containing this subject condition set + possible this is empty in the case a subject condition set + has not been migrated to a namespace. + $ref: '#/components/schemas/policy.Namespace' + subjectSets: + type: array + items: + $ref: '#/components/schemas/policy.SubjectSet' + title: subject_sets + minItems: 1 + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: SubjectConditionSet + additionalProperties: false + description: |- + A container for multiple Subject Sets, each containing Condition Groups, each + containing Conditions. Multiple Subject Sets in a SubjectConditionSet are + evaluated with AND logic. As each Subject Mapping has only one Attribute + Value, the SubjectConditionSet is reusable across multiple Subject Mappings / + Attribute Values and is an independent unit. + policy.SubjectMapping: + type: object + properties: + id: + type: string + title: id + attributeValue: + title: attribute_value + description: 'the Attribute Value mapped to; aka: "The Entity Entitlement Attribute"' + $ref: '#/components/schemas/policy.Value' + subjectConditionSet: + title: subject_condition_set + description: the reusable SubjectConditionSet mapped to the given Attribute Value + $ref: '#/components/schemas/policy.SubjectConditionSet' + actions: + type: array + items: + $ref: '#/components/schemas/policy.Action' + title: actions + description: The actions permitted by subjects in this mapping + namespace: + title: namespace + description: |- + the namespace containing this subject mapping + possible this is empty. If so that means + the Subject Mapping has not been migrated to a namespace. + $ref: '#/components/schemas/policy.Namespace' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: SubjectMapping + additionalProperties: false + description: |- + Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute + value + action(s) combination + policy.SubjectMappingOperatorEnum: + type: string + title: SubjectMappingOperatorEnum + enum: + - SUBJECT_MAPPING_OPERATOR_ENUM_UNSPECIFIED + - SUBJECT_MAPPING_OPERATOR_ENUM_IN + - SUBJECT_MAPPING_OPERATOR_ENUM_NOT_IN + - SUBJECT_MAPPING_OPERATOR_ENUM_IN_CONTAINS + policy.SubjectSet: + type: object + properties: + conditionGroups: + type: array + items: + $ref: '#/components/schemas/policy.ConditionGroup' + title: condition_groups + minItems: 1 + description: multiple Condition Groups are evaluated with AND logic + title: SubjectSet + additionalProperties: false + description: A collection of Condition Groups + policy.Value: + type: object + properties: + id: + type: string + title: id + description: generated uuid in database + attribute: + title: attribute + $ref: '#/components/schemas/policy.Attribute' + value: + type: string + title: value + grants: + type: array + items: + $ref: '#/components/schemas/policy.KeyAccessServer' + title: grants + description: Deprecated KAS grants for the value. Use kas_keys instead. + fqn: + type: string + title: fqn + active: + title: active + description: active by default until explicitly deactivated + $ref: '#/components/schemas/google.protobuf.BoolValue' + subjectMappings: + type: array + items: + $ref: '#/components/schemas/policy.SubjectMapping' + title: subject_mappings + description: subject mapping + kasKeys: + type: array + items: + $ref: '#/components/schemas/policy.SimpleKasKey' + title: kas_keys + resourceMappings: + type: array + items: + $ref: '#/components/schemas/policy.ResourceMapping' + title: resource_mappings + obligations: + type: array + items: + $ref: '#/components/schemas/policy.Obligation' + title: obligations + metadata: + title: metadata + description: Common metadata + $ref: '#/components/schemas/common.Metadata' + title: Value + additionalProperties: false + policy.dynamicvaluemapping.CreateDynamicValueMappingRequest: + type: object + allOf: + - oneOf: + - required: + - attributeDefinitionId + - required: + - attributeDefinitionFqn + properties: + attributeDefinitionId: + type: string + title: attribute_definition_id + description: | + optional_uuid_format // Optional field must be a valid UUID + attributeDefinitionFqn: + type: string + title: attribute_definition_fqn + format: uri + valueResolver: + title: value_resolver + description: 'Required: the dynamic resolver comparing entity selector result to the resource value segment' + $ref: '#/components/schemas/policy.DynamicValueResolver' + actions: + type: array + items: + $ref: '#/components/schemas/policy.Action' + title: actions + minItems: 1 + description: | + Required: actions permitted on a matched value + action_name_or_id_not_empty // Action name or ID must not be empty if provided + existingSubjectConditionSetId: + type: string + title: existing_subject_condition_set_id + description: | + Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ... + optional_uuid_format // Optional field must be a valid UUID + newSubjectConditionSet: + title: new_subject_condition_set + description: '... or create a new one (ignored if existing_subject_condition_set_id is provided)' + $ref: '#/components/schemas/policy.subjectmapping.SubjectConditionSetCreate' + namespaceId: + type: string + title: namespace_id + description: | + Optional: namespace ID or FQN for the mapping + optional_uuid_format // Optional field must be a valid UUID + namespaceFqn: + type: string + title: namespace_fqn + format: uri + metadata: + title: metadata + description: Optional + $ref: '#/components/schemas/common.MetadataMutable' + title: CreateDynamicValueMappingRequest + required: + - valueResolver + additionalProperties: false + policy.dynamicvaluemapping.CreateDynamicValueMappingResponse: + type: object + properties: + dynamicValueMapping: + title: dynamic_value_mapping + $ref: '#/components/schemas/policy.DynamicValueMapping' + title: CreateDynamicValueMappingResponse + additionalProperties: false + policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest: + type: object + properties: + id: + type: string + title: id + format: uuid + description: Required + title: DeleteDynamicValueMappingRequest + additionalProperties: false + policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse: + type: object + properties: + dynamicValueMapping: + title: dynamic_value_mapping + description: Only ID of the deleted mapping provided + $ref: '#/components/schemas/policy.DynamicValueMapping' + title: DeleteDynamicValueMappingResponse + additionalProperties: false + policy.dynamicvaluemapping.DynamicValueMappingsSort: + type: object + properties: + field: + title: field + $ref: '#/components/schemas/policy.dynamicvaluemapping.SortDynamicValueMappingsType' + direction: + title: direction + $ref: '#/components/schemas/policy.SortDirection' + title: DynamicValueMappingsSort + additionalProperties: false + policy.dynamicvaluemapping.GetDynamicValueMappingRequest: + type: object + properties: + id: + type: string + title: id + format: uuid + description: Required + title: GetDynamicValueMappingRequest + additionalProperties: false + policy.dynamicvaluemapping.GetDynamicValueMappingResponse: + type: object + properties: + dynamicValueMapping: + title: dynamic_value_mapping + $ref: '#/components/schemas/policy.DynamicValueMapping' + title: GetDynamicValueMappingResponse + additionalProperties: false + policy.dynamicvaluemapping.ListDynamicValueMappingsRequest: + type: object + properties: + namespaceId: + type: string + title: namespace_id + description: | + Optional + Namespace ID, or Attribute Definition ID to filter by + optional_uuid_format // Optional field must be a valid UUID + attributeDefinitionId: + type: string + title: attribute_definition_id + description: | + optional_uuid_format // Optional field must be a valid UUID + pagination: + title: pagination + description: Optional + $ref: '#/components/schemas/policy.PageRequest' + sort: + type: array + items: + $ref: '#/components/schemas/policy.dynamicvaluemapping.DynamicValueMappingsSort' + title: sort + maxItems: 1 + description: 'Optional - CONSTRAINT: max 1 item' + title: ListDynamicValueMappingsRequest + additionalProperties: false + policy.dynamicvaluemapping.ListDynamicValueMappingsResponse: + type: object + properties: + dynamicValueMappings: + type: array + items: + $ref: '#/components/schemas/policy.DynamicValueMapping' + title: dynamic_value_mappings + pagination: + title: pagination + $ref: '#/components/schemas/policy.PageResponse' + title: ListDynamicValueMappingsResponse + additionalProperties: false + policy.dynamicvaluemapping.SortDynamicValueMappingsType: + type: string + title: SortDynamicValueMappingsType + enum: + - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED + - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT + - SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT + policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest: + type: object + properties: + id: + type: string + title: id + format: uuid + description: Required + valueResolver: + title: value_resolver + description: 'Optional: replace the dynamic resolver' + $ref: '#/components/schemas/policy.DynamicValueResolver' + subjectConditionSetId: + type: string + title: subject_condition_set_id + description: | + Optional: replace the static pre-gate SubjectConditionSet by id + optional_uuid_format // Optional field must be a valid UUID + actions: + type: array + items: + $ref: '#/components/schemas/policy.Action' + title: actions + description: | + Optional: replace the entire list of actions + action_name_or_id_not_empty // Action name or ID must not be empty if provided + metadata: + title: metadata + description: Common metadata + $ref: '#/components/schemas/common.MetadataMutable' + metadataUpdateBehavior: + title: metadata_update_behavior + $ref: '#/components/schemas/common.MetadataUpdateEnum' + title: UpdateDynamicValueMappingRequest + additionalProperties: false + policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse: + type: object + properties: + dynamicValueMapping: + title: dynamic_value_mapping + $ref: '#/components/schemas/policy.DynamicValueMapping' + title: UpdateDynamicValueMappingResponse + additionalProperties: false + policy.subjectmapping.SubjectConditionSetCreate: + type: object + properties: + subjectSets: + type: array + items: + $ref: '#/components/schemas/policy.SubjectSet' + title: subject_sets + minItems: 1 + description: Required + metadata: + title: metadata + description: |- + Optional + Common metadata + $ref: '#/components/schemas/common.MetadataMutable' + title: SubjectConditionSetCreate + additionalProperties: false +security: [] +tags: + - name: policy.dynamicvaluemapping.DynamicValueMappingService diff --git a/docs/openapi/policy/objects.openapi.yaml b/docs/openapi/policy/objects.openapi.yaml index 6bef650b76..2be6d6e904 100644 --- a/docs/openapi/policy/objects.openapi.yaml +++ b/docs/openapi/policy/objects.openapi.yaml @@ -368,6 +368,83 @@ components: - booleanOperator additionalProperties: false description: A collection of Conditions evaluated by the boolean_operator provided + policy.DynamicValueMapping: + type: object + properties: + id: + type: string + title: id + attributeDefinition: + title: attribute_definition + description: the Attribute Definition whose values are entitled dynamically + $ref: '#/components/schemas/policy.Attribute' + valueResolver: + title: value_resolver + description: the dynamic resolver matched against the requested resource value segment + $ref: '#/components/schemas/policy.DynamicValueResolver' + subjectConditionSet: + title: subject_condition_set + description: |- + optional static pre-gate on the entity, evaluated with normal SubjectConditionSet + semantics (no dynamic overload). When present, both the gate and the resolver must + pass for entitlement. + $ref: '#/components/schemas/policy.SubjectConditionSet' + actions: + type: array + items: + $ref: '#/components/schemas/policy.Action' + title: actions + description: the actions permitted by subjects in this mapping + namespace: + title: namespace + description: the namespace containing this mapping + $ref: '#/components/schemas/policy.Namespace' + metadata: + title: metadata + $ref: '#/components/schemas/common.Metadata' + title: DynamicValueMapping + additionalProperties: false + description: |- + Dynamic Value Mapping: a Policy assigning permitted action(s) to + dynamically-requested values under an Attribute Definition. It raises entitlement + authority from a concrete Attribute Value to the Attribute Definition: at decision time + the value_resolver compares the requested resource value segment against the entity + representation, avoiding pre-provisioning a value + subject mapping per discrete value. + policy.DynamicValueOperatorEnum: + type: string + title: DynamicValueOperatorEnum + enum: + - DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED + - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN + - DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS + description: |- + Operators for dynamic, definition-level value entitlement. Unlike + SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into + policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's + attribute value segment, supplied at decision time. Each value is the inversion of its + static SubjectMappingOperatorEnum counterpart. + policy.DynamicValueResolver: + type: object + properties: + subjectExternalSelectorValue: + type: string + title: subject_external_selector_value + description: |- + a selector for a field value on a flattened Entity Representation (such as from + idP/LDAP), e.g. ".patientAssignments[]" + operator: + title: operator + description: the dynamic operator comparing the selector result to the resource value segment + $ref: '#/components/schemas/policy.DynamicValueOperatorEnum' + title: DynamicValueResolver + required: + - subjectExternalSelectorValue + - operator + additionalProperties: false + description: |- + Definition Value Resolver: the dynamic half of a DynamicValueMapping. It + resolves a selector against the entity representation and compares the result to the + requested resource value segment using a DynamicValueOperatorEnum. policy.KasKey: type: object properties: @@ -989,6 +1066,7 @@ components: authoritative source such as an IDP (Identity Provider) or User Store. Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must contain both a selector expression & a resulting value. + The external_selector_value is a specifier to select a value from a flattened external representation of an Entity (such as from idP/LDAP), and the external_value is the value selected by the external_selector_value on that diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml index 10e2ebeb84..a988610cbb 100644 --- a/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml +++ b/docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml @@ -1348,6 +1348,7 @@ components: authoritative source such as an IDP (Identity Provider) or User Store. Examples include such ADFS/LDAP, OKTA, etc. For now, a valid property must contain both a selector expression & a resulting value. + The external_selector_value is a specifier to select a value from a flattened external representation of an Entity (such as from idP/LDAP), and the external_value is the value selected by the external_selector_value on that diff --git a/protocol/go/go.mod b/protocol/go/go.mod index fe119565e9..e2668a8e74 100644 --- a/protocol/go/go.mod +++ b/protocol/go/go.mod @@ -2,6 +2,8 @@ module github.com/opentdf/platform/protocol/go go 1.25.0 +toolchain go1.25.9 + require ( buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260415201107-50325440f8f2.1 connectrpc.com/connect v1.20.0 diff --git a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go new file mode 100644 index 0000000000..5df7ef6b45 --- /dev/null +++ b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go @@ -0,0 +1,1312 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.33.0 +// protoc (unknown) +// source: policy/dynamicvaluemapping/dynamic_value_mapping.proto + +package dynamicvaluemapping + +import ( + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + common "github.com/opentdf/platform/protocol/go/common" + policy "github.com/opentdf/platform/protocol/go/policy" + subjectmapping "github.com/opentdf/platform/protocol/go/policy/subjectmapping" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SortDynamicValueMappingsType int32 + +const ( + SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED SortDynamicValueMappingsType = 0 + SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT SortDynamicValueMappingsType = 1 + SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT SortDynamicValueMappingsType = 2 +) + +// Enum value maps for SortDynamicValueMappingsType. +var ( + SortDynamicValueMappingsType_name = map[int32]string{ + 0: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED", + 1: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT", + 2: "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT", + } + SortDynamicValueMappingsType_value = map[string]int32{ + "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED": 0, + "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT": 1, + "SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT": 2, + } +) + +func (x SortDynamicValueMappingsType) Enum() *SortDynamicValueMappingsType { + p := new(SortDynamicValueMappingsType) + *p = x + return p +} + +func (x SortDynamicValueMappingsType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (SortDynamicValueMappingsType) Descriptor() protoreflect.EnumDescriptor { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes[0].Descriptor() +} + +func (SortDynamicValueMappingsType) Type() protoreflect.EnumType { + return &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes[0] +} + +func (x SortDynamicValueMappingsType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use SortDynamicValueMappingsType.Descriptor instead. +func (SortDynamicValueMappingsType) EnumDescriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{0} +} + +type GetDynamicValueMappingRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *GetDynamicValueMappingRequest) Reset() { + *x = GetDynamicValueMappingRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetDynamicValueMappingRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetDynamicValueMappingRequest) ProtoMessage() {} + +func (x *GetDynamicValueMappingRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetDynamicValueMappingRequest.ProtoReflect.Descriptor instead. +func (*GetDynamicValueMappingRequest) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{0} +} + +func (x *GetDynamicValueMappingRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type GetDynamicValueMappingResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"` +} + +func (x *GetDynamicValueMappingResponse) Reset() { + *x = GetDynamicValueMappingResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetDynamicValueMappingResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetDynamicValueMappingResponse) ProtoMessage() {} + +func (x *GetDynamicValueMappingResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetDynamicValueMappingResponse.ProtoReflect.Descriptor instead. +func (*GetDynamicValueMappingResponse) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{1} +} + +func (x *GetDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping { + if x != nil { + return x.DynamicValueMapping + } + return nil +} + +type DynamicValueMappingsSort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Field SortDynamicValueMappingsType `protobuf:"varint,1,opt,name=field,proto3,enum=policy.dynamicvaluemapping.SortDynamicValueMappingsType" json:"field,omitempty"` + Direction policy.SortDirection `protobuf:"varint,2,opt,name=direction,proto3,enum=policy.SortDirection" json:"direction,omitempty"` +} + +func (x *DynamicValueMappingsSort) Reset() { + *x = DynamicValueMappingsSort{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DynamicValueMappingsSort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DynamicValueMappingsSort) ProtoMessage() {} + +func (x *DynamicValueMappingsSort) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DynamicValueMappingsSort.ProtoReflect.Descriptor instead. +func (*DynamicValueMappingsSort) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{2} +} + +func (x *DynamicValueMappingsSort) GetField() SortDynamicValueMappingsType { + if x != nil { + return x.Field + } + return SortDynamicValueMappingsType_SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED +} + +func (x *DynamicValueMappingsSort) GetDirection() policy.SortDirection { + if x != nil { + return x.Direction + } + return policy.SortDirection(0) +} + +type ListDynamicValueMappingsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional + // Namespace ID, or Attribute Definition ID to filter by + NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` + AttributeDefinitionId string `protobuf:"bytes,2,opt,name=attribute_definition_id,json=attributeDefinitionId,proto3" json:"attribute_definition_id,omitempty"` + // Optional + Pagination *policy.PageRequest `protobuf:"bytes,10,opt,name=pagination,proto3" json:"pagination,omitempty"` + // Optional - CONSTRAINT: max 1 item + Sort []*DynamicValueMappingsSort `protobuf:"bytes,11,rep,name=sort,proto3" json:"sort,omitempty"` +} + +func (x *ListDynamicValueMappingsRequest) Reset() { + *x = ListDynamicValueMappingsRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListDynamicValueMappingsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListDynamicValueMappingsRequest) ProtoMessage() {} + +func (x *ListDynamicValueMappingsRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListDynamicValueMappingsRequest.ProtoReflect.Descriptor instead. +func (*ListDynamicValueMappingsRequest) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{3} +} + +func (x *ListDynamicValueMappingsRequest) GetNamespaceId() string { + if x != nil { + return x.NamespaceId + } + return "" +} + +func (x *ListDynamicValueMappingsRequest) GetAttributeDefinitionId() string { + if x != nil { + return x.AttributeDefinitionId + } + return "" +} + +func (x *ListDynamicValueMappingsRequest) GetPagination() *policy.PageRequest { + if x != nil { + return x.Pagination + } + return nil +} + +func (x *ListDynamicValueMappingsRequest) GetSort() []*DynamicValueMappingsSort { + if x != nil { + return x.Sort + } + return nil +} + +type ListDynamicValueMappingsResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DynamicValueMappings []*policy.DynamicValueMapping `protobuf:"bytes,1,rep,name=dynamic_value_mappings,json=dynamicValueMappings,proto3" json:"dynamic_value_mappings,omitempty"` + Pagination *policy.PageResponse `protobuf:"bytes,10,opt,name=pagination,proto3" json:"pagination,omitempty"` +} + +func (x *ListDynamicValueMappingsResponse) Reset() { + *x = ListDynamicValueMappingsResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListDynamicValueMappingsResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListDynamicValueMappingsResponse) ProtoMessage() {} + +func (x *ListDynamicValueMappingsResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListDynamicValueMappingsResponse.ProtoReflect.Descriptor instead. +func (*ListDynamicValueMappingsResponse) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{4} +} + +func (x *ListDynamicValueMappingsResponse) GetDynamicValueMappings() []*policy.DynamicValueMapping { + if x != nil { + return x.DynamicValueMappings + } + return nil +} + +func (x *ListDynamicValueMappingsResponse) GetPagination() *policy.PageResponse { + if x != nil { + return x.Pagination + } + return nil +} + +type CreateDynamicValueMappingRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AttributeDefinitionId string `protobuf:"bytes,1,opt,name=attribute_definition_id,json=attributeDefinitionId,proto3" json:"attribute_definition_id,omitempty"` + AttributeDefinitionFqn string `protobuf:"bytes,2,opt,name=attribute_definition_fqn,json=attributeDefinitionFqn,proto3" json:"attribute_definition_fqn,omitempty"` + // Required: the dynamic resolver comparing entity selector result to the resource value segment + ValueResolver *policy.DynamicValueResolver `protobuf:"bytes,3,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"` + // Required: actions permitted on a matched value + Actions []*policy.Action `protobuf:"bytes,4,rep,name=actions,proto3" json:"actions,omitempty"` + // Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ... + ExistingSubjectConditionSetId string `protobuf:"bytes,5,opt,name=existing_subject_condition_set_id,json=existingSubjectConditionSetId,proto3" json:"existing_subject_condition_set_id,omitempty"` + // ... or create a new one (ignored if existing_subject_condition_set_id is provided) + NewSubjectConditionSet *subjectmapping.SubjectConditionSetCreate `protobuf:"bytes,6,opt,name=new_subject_condition_set,json=newSubjectConditionSet,proto3" json:"new_subject_condition_set,omitempty"` + // Optional: namespace ID or FQN for the mapping + NamespaceId string `protobuf:"bytes,7,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` + NamespaceFqn string `protobuf:"bytes,8,opt,name=namespace_fqn,json=namespaceFqn,proto3" json:"namespace_fqn,omitempty"` + // Optional + Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` +} + +func (x *CreateDynamicValueMappingRequest) Reset() { + *x = CreateDynamicValueMappingRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateDynamicValueMappingRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateDynamicValueMappingRequest) ProtoMessage() {} + +func (x *CreateDynamicValueMappingRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateDynamicValueMappingRequest.ProtoReflect.Descriptor instead. +func (*CreateDynamicValueMappingRequest) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{5} +} + +func (x *CreateDynamicValueMappingRequest) GetAttributeDefinitionId() string { + if x != nil { + return x.AttributeDefinitionId + } + return "" +} + +func (x *CreateDynamicValueMappingRequest) GetAttributeDefinitionFqn() string { + if x != nil { + return x.AttributeDefinitionFqn + } + return "" +} + +func (x *CreateDynamicValueMappingRequest) GetValueResolver() *policy.DynamicValueResolver { + if x != nil { + return x.ValueResolver + } + return nil +} + +func (x *CreateDynamicValueMappingRequest) GetActions() []*policy.Action { + if x != nil { + return x.Actions + } + return nil +} + +func (x *CreateDynamicValueMappingRequest) GetExistingSubjectConditionSetId() string { + if x != nil { + return x.ExistingSubjectConditionSetId + } + return "" +} + +func (x *CreateDynamicValueMappingRequest) GetNewSubjectConditionSet() *subjectmapping.SubjectConditionSetCreate { + if x != nil { + return x.NewSubjectConditionSet + } + return nil +} + +func (x *CreateDynamicValueMappingRequest) GetNamespaceId() string { + if x != nil { + return x.NamespaceId + } + return "" +} + +func (x *CreateDynamicValueMappingRequest) GetNamespaceFqn() string { + if x != nil { + return x.NamespaceFqn + } + return "" +} + +func (x *CreateDynamicValueMappingRequest) GetMetadata() *common.MetadataMutable { + if x != nil { + return x.Metadata + } + return nil +} + +type CreateDynamicValueMappingResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"` +} + +func (x *CreateDynamicValueMappingResponse) Reset() { + *x = CreateDynamicValueMappingResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateDynamicValueMappingResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateDynamicValueMappingResponse) ProtoMessage() {} + +func (x *CreateDynamicValueMappingResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateDynamicValueMappingResponse.ProtoReflect.Descriptor instead. +func (*CreateDynamicValueMappingResponse) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{6} +} + +func (x *CreateDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping { + if x != nil { + return x.DynamicValueMapping + } + return nil +} + +type UpdateDynamicValueMappingRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Optional: replace the dynamic resolver + ValueResolver *policy.DynamicValueResolver `protobuf:"bytes,2,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"` + // Optional: replace the static pre-gate SubjectConditionSet by id + SubjectConditionSetId string `protobuf:"bytes,3,opt,name=subject_condition_set_id,json=subjectConditionSetId,proto3" json:"subject_condition_set_id,omitempty"` + // Optional: replace the entire list of actions + Actions []*policy.Action `protobuf:"bytes,4,rep,name=actions,proto3" json:"actions,omitempty"` + // Common metadata + Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` + MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"` +} + +func (x *UpdateDynamicValueMappingRequest) Reset() { + *x = UpdateDynamicValueMappingRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateDynamicValueMappingRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateDynamicValueMappingRequest) ProtoMessage() {} + +func (x *UpdateDynamicValueMappingRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateDynamicValueMappingRequest.ProtoReflect.Descriptor instead. +func (*UpdateDynamicValueMappingRequest) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{7} +} + +func (x *UpdateDynamicValueMappingRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *UpdateDynamicValueMappingRequest) GetValueResolver() *policy.DynamicValueResolver { + if x != nil { + return x.ValueResolver + } + return nil +} + +func (x *UpdateDynamicValueMappingRequest) GetSubjectConditionSetId() string { + if x != nil { + return x.SubjectConditionSetId + } + return "" +} + +func (x *UpdateDynamicValueMappingRequest) GetActions() []*policy.Action { + if x != nil { + return x.Actions + } + return nil +} + +func (x *UpdateDynamicValueMappingRequest) GetMetadata() *common.MetadataMutable { + if x != nil { + return x.Metadata + } + return nil +} + +func (x *UpdateDynamicValueMappingRequest) GetMetadataUpdateBehavior() common.MetadataUpdateEnum { + if x != nil { + return x.MetadataUpdateBehavior + } + return common.MetadataUpdateEnum(0) +} + +type UpdateDynamicValueMappingResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"` +} + +func (x *UpdateDynamicValueMappingResponse) Reset() { + *x = UpdateDynamicValueMappingResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpdateDynamicValueMappingResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpdateDynamicValueMappingResponse) ProtoMessage() {} + +func (x *UpdateDynamicValueMappingResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpdateDynamicValueMappingResponse.ProtoReflect.Descriptor instead. +func (*UpdateDynamicValueMappingResponse) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{8} +} + +func (x *UpdateDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping { + if x != nil { + return x.DynamicValueMapping + } + return nil +} + +type DeleteDynamicValueMappingRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` +} + +func (x *DeleteDynamicValueMappingRequest) Reset() { + *x = DeleteDynamicValueMappingRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteDynamicValueMappingRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteDynamicValueMappingRequest) ProtoMessage() {} + +func (x *DeleteDynamicValueMappingRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteDynamicValueMappingRequest.ProtoReflect.Descriptor instead. +func (*DeleteDynamicValueMappingRequest) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{9} +} + +func (x *DeleteDynamicValueMappingRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type DeleteDynamicValueMappingResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Only ID of the deleted mapping provided + DynamicValueMapping *policy.DynamicValueMapping `protobuf:"bytes,1,opt,name=dynamic_value_mapping,json=dynamicValueMapping,proto3" json:"dynamic_value_mapping,omitempty"` +} + +func (x *DeleteDynamicValueMappingResponse) Reset() { + *x = DeleteDynamicValueMappingResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteDynamicValueMappingResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteDynamicValueMappingResponse) ProtoMessage() {} + +func (x *DeleteDynamicValueMappingResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteDynamicValueMappingResponse.ProtoReflect.Descriptor instead. +func (*DeleteDynamicValueMappingResponse) Descriptor() ([]byte, []int) { + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP(), []int{10} +} + +func (x *DeleteDynamicValueMappingResponse) GetDynamicValueMapping() *policy.DynamicValueMapping { + if x != nil { + return x.DynamicValueMapping + } + return nil +} + +var File_policy_dynamicvaluemapping_dynamic_value_mapping_proto protoreflect.FileDescriptor + +var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc = []byte{ + 0x0a, 0x36, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2f, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, + 0x70, 0x69, 0x6e, 0x67, 0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, + 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x13, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x16, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2b, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x39, 0x0a, 0x1d, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, + 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22, 0x71, 0x0a, 0x1e, + 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, + 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, + 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22, + 0xb3, 0x01, 0x0a, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x53, 0x6f, 0x72, 0x74, 0x12, 0x58, 0x0a, 0x05, + 0x66, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x73, 0x54, 0x79, 0x70, 0x65, 0x42, 0x08, 0xba, 0x48, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, + 0x05, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x3d, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x42, 0x08, 0xba, 0x48, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xf3, 0x04, 0x0a, 0x1f, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0xd7, 0x01, 0x0a, 0x0c, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, + 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, + 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, + 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, + 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, + 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, + 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, + 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x49, 0x64, 0x12, 0xec, 0x01, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, + 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, + 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, + 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, + 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, + 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, + 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, + 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, + 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, + 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, + 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x61, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x49, 0x64, 0x12, 0x33, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x0a, 0x70, 0x61, 0x67, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x04, 0x73, 0x6f, 0x72, 0x74, 0x18, + 0x0b, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x53, 0x6f, 0x72, 0x74, 0x42, 0x08, 0xba, 0x48, 0x05, + 0x92, 0x01, 0x02, 0x10, 0x01, 0x52, 0x04, 0x73, 0x6f, 0x72, 0x74, 0x22, 0xab, 0x01, 0x0a, 0x20, + 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x51, 0x0a, 0x16, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, + 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x14, 0x64, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, + 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xc9, 0x0a, 0x0a, 0x20, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0xec, + 0x01, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, + 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, + 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, + 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, + 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, + 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, + 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, + 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x44, 0x0a, + 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x00, 0x88, 0x01, 0x01, 0x52, 0x16, 0x61, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x46, 0x71, 0x6e, 0x12, 0x4b, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, + 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, + 0x01, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x12, 0xb8, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x42, 0x8d, 0x01, 0xba, 0x48, 0x89, 0x01, 0xba, 0x01, 0x80, 0x01, 0x0a, 0x1b, 0x61, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, + 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, + 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, + 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x30, 0x74, 0x68, 0x69, + 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, 0x74, 0x65, 0x6d, + 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x69, + 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x92, 0x01, 0x02, + 0x08, 0x01, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xfe, 0x01, 0x0a, 0x21, + 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, + 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, + 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, + 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, + 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, + 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, + 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, + 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, + 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, + 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, + 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, + 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x1d, 0x65, + 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, + 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, 0x6b, 0x0a, 0x19, + 0x6e, 0x65, 0x77, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, + 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x52, 0x16, 0x6e, 0x65, 0x77, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, + 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x12, 0xd7, 0x01, 0x0a, 0x0c, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, + 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, + 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, + 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, + 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, + 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, + 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, + 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, + 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, + 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0d, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, + 0x05, 0x10, 0x00, 0x88, 0x01, 0x01, 0x52, 0x0c, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x46, 0x71, 0x6e, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, + 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0x3a, 0xba, 0x48, 0x37, 0x22, 0x35, + 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x0a, 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x66, 0x71, 0x6e, 0x10, 0x01, 0x22, 0x74, 0x0a, 0x21, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22, 0xc6, 0x05, 0x0a, 0x20, + 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, + 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x0e, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, + 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, + 0xed, 0x01, 0x0a, 0x18, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, + 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, + 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, + 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, + 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, + 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, + 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, + 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, + 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, + 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, + 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, + 0xc7, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x42, 0x9c, 0x01, 0xba, 0x48, 0x98, 0x01, 0xba, 0x01, 0x94, 0x01, 0x0a, 0x1b, 0x61, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x5f, + 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, 0x73, + 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, + 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x44, 0x74, 0x68, 0x69, 0x73, + 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, + 0x74, 0x65, 0x6d, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, + 0x7c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, + 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, + 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x54, + 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x16, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x42, 0x65, 0x68, 0x61, + 0x76, 0x69, 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x21, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22, 0x3c, 0x0a, 0x20, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, + 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, + 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22, 0x74, 0x0a, 0x21, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, + 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2a, 0xb2, + 0x01, 0x0a, 0x1c, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, + 0x30, 0x0a, 0x2c, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, + 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, + 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, + 0x00, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, + 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, + 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, + 0x10, 0x01, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, + 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, + 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, + 0x54, 0x10, 0x02, 0x32, 0xa7, 0x06, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x9a, 0x01, 0x0a, 0x18, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, + 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, + 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, + 0x94, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x39, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, + 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, + 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, + 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x87, 0x02, + 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x42, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, + 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0xa2, 0x02, 0x03, 0x50, 0x44, 0x58, 0xaa, 0x02, 0x1a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0xca, 0x02, 0x1a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0xe2, 0x02, 0x26, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, + 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, + 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x1b, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x3a, 0x3a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescOnce sync.Once + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData = file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc +) + +func file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescGZIP() []byte { + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescOnce.Do(func() { + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData = protoimpl.X.CompressGZIP(file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData) + }) + return file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDescData +} + +var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes = []interface{}{ + (SortDynamicValueMappingsType)(0), // 0: policy.dynamicvaluemapping.SortDynamicValueMappingsType + (*GetDynamicValueMappingRequest)(nil), // 1: policy.dynamicvaluemapping.GetDynamicValueMappingRequest + (*GetDynamicValueMappingResponse)(nil), // 2: policy.dynamicvaluemapping.GetDynamicValueMappingResponse + (*DynamicValueMappingsSort)(nil), // 3: policy.dynamicvaluemapping.DynamicValueMappingsSort + (*ListDynamicValueMappingsRequest)(nil), // 4: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest + (*ListDynamicValueMappingsResponse)(nil), // 5: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse + (*CreateDynamicValueMappingRequest)(nil), // 6: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest + (*CreateDynamicValueMappingResponse)(nil), // 7: policy.dynamicvaluemapping.CreateDynamicValueMappingResponse + (*UpdateDynamicValueMappingRequest)(nil), // 8: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest + (*UpdateDynamicValueMappingResponse)(nil), // 9: policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse + (*DeleteDynamicValueMappingRequest)(nil), // 10: policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest + (*DeleteDynamicValueMappingResponse)(nil), // 11: policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse + (*policy.DynamicValueMapping)(nil), // 12: policy.DynamicValueMapping + (policy.SortDirection)(0), // 13: policy.SortDirection + (*policy.PageRequest)(nil), // 14: policy.PageRequest + (*policy.PageResponse)(nil), // 15: policy.PageResponse + (*policy.DynamicValueResolver)(nil), // 16: policy.DynamicValueResolver + (*policy.Action)(nil), // 17: policy.Action + (*subjectmapping.SubjectConditionSetCreate)(nil), // 18: policy.subjectmapping.SubjectConditionSetCreate + (*common.MetadataMutable)(nil), // 19: common.MetadataMutable + (common.MetadataUpdateEnum)(0), // 20: common.MetadataUpdateEnum +} +var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs = []int32{ + 12, // 0: policy.dynamicvaluemapping.GetDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping + 0, // 1: policy.dynamicvaluemapping.DynamicValueMappingsSort.field:type_name -> policy.dynamicvaluemapping.SortDynamicValueMappingsType + 13, // 2: policy.dynamicvaluemapping.DynamicValueMappingsSort.direction:type_name -> policy.SortDirection + 14, // 3: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest.pagination:type_name -> policy.PageRequest + 3, // 4: policy.dynamicvaluemapping.ListDynamicValueMappingsRequest.sort:type_name -> policy.dynamicvaluemapping.DynamicValueMappingsSort + 12, // 5: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse.dynamic_value_mappings:type_name -> policy.DynamicValueMapping + 15, // 6: policy.dynamicvaluemapping.ListDynamicValueMappingsResponse.pagination:type_name -> policy.PageResponse + 16, // 7: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.value_resolver:type_name -> policy.DynamicValueResolver + 17, // 8: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.actions:type_name -> policy.Action + 18, // 9: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.new_subject_condition_set:type_name -> policy.subjectmapping.SubjectConditionSetCreate + 19, // 10: policy.dynamicvaluemapping.CreateDynamicValueMappingRequest.metadata:type_name -> common.MetadataMutable + 12, // 11: policy.dynamicvaluemapping.CreateDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping + 16, // 12: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.value_resolver:type_name -> policy.DynamicValueResolver + 17, // 13: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.actions:type_name -> policy.Action + 19, // 14: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.metadata:type_name -> common.MetadataMutable + 20, // 15: policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum + 12, // 16: policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping + 12, // 17: policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse.dynamic_value_mapping:type_name -> policy.DynamicValueMapping + 4, // 18: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings:input_type -> policy.dynamicvaluemapping.ListDynamicValueMappingsRequest + 1, // 19: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping:input_type -> policy.dynamicvaluemapping.GetDynamicValueMappingRequest + 6, // 20: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping:input_type -> policy.dynamicvaluemapping.CreateDynamicValueMappingRequest + 8, // 21: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping:input_type -> policy.dynamicvaluemapping.UpdateDynamicValueMappingRequest + 10, // 22: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping:input_type -> policy.dynamicvaluemapping.DeleteDynamicValueMappingRequest + 5, // 23: policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings:output_type -> policy.dynamicvaluemapping.ListDynamicValueMappingsResponse + 2, // 24: policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping:output_type -> policy.dynamicvaluemapping.GetDynamicValueMappingResponse + 7, // 25: policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping:output_type -> policy.dynamicvaluemapping.CreateDynamicValueMappingResponse + 9, // 26: policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping:output_type -> policy.dynamicvaluemapping.UpdateDynamicValueMappingResponse + 11, // 27: policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping:output_type -> policy.dynamicvaluemapping.DeleteDynamicValueMappingResponse + 23, // [23:28] is the sub-list for method output_type + 18, // [18:23] is the sub-list for method input_type + 18, // [18:18] is the sub-list for extension type_name + 18, // [18:18] is the sub-list for extension extendee + 0, // [0:18] is the sub-list for field type_name +} + +func init() { file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_init() } +func file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_init() { + if File_policy_dynamicvaluemapping_dynamic_value_mapping_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetDynamicValueMappingRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetDynamicValueMappingResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DynamicValueMappingsSort); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListDynamicValueMappingsRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListDynamicValueMappingsResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateDynamicValueMappingRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateDynamicValueMappingResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateDynamicValueMappingRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpdateDynamicValueMappingResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteDynamicValueMappingRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteDynamicValueMappingResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc, + NumEnums: 1, + NumMessages: 11, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes, + DependencyIndexes: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs, + EnumInfos: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_enumTypes, + MessageInfos: file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_msgTypes, + }.Build() + File_policy_dynamicvaluemapping_dynamic_value_mapping_proto = out.File + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc = nil + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_goTypes = nil + file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_depIdxs = nil +} diff --git a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go new file mode 100644 index 0000000000..513595f0ef --- /dev/null +++ b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping_grpc.pb.go @@ -0,0 +1,258 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc (unknown) +// source: policy/dynamicvaluemapping/dynamic_value_mapping.proto + +package dynamicvaluemapping + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + DynamicValueMappingService_ListDynamicValueMappings_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings" + DynamicValueMappingService_GetDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping" + DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping" + DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping" + DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName = "/policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping" +) + +// DynamicValueMappingServiceClient is the client API for DynamicValueMappingService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type DynamicValueMappingServiceClient interface { + ListDynamicValueMappings(ctx context.Context, in *ListDynamicValueMappingsRequest, opts ...grpc.CallOption) (*ListDynamicValueMappingsResponse, error) + GetDynamicValueMapping(ctx context.Context, in *GetDynamicValueMappingRequest, opts ...grpc.CallOption) (*GetDynamicValueMappingResponse, error) + CreateDynamicValueMapping(ctx context.Context, in *CreateDynamicValueMappingRequest, opts ...grpc.CallOption) (*CreateDynamicValueMappingResponse, error) + UpdateDynamicValueMapping(ctx context.Context, in *UpdateDynamicValueMappingRequest, opts ...grpc.CallOption) (*UpdateDynamicValueMappingResponse, error) + DeleteDynamicValueMapping(ctx context.Context, in *DeleteDynamicValueMappingRequest, opts ...grpc.CallOption) (*DeleteDynamicValueMappingResponse, error) +} + +type dynamicValueMappingServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewDynamicValueMappingServiceClient(cc grpc.ClientConnInterface) DynamicValueMappingServiceClient { + return &dynamicValueMappingServiceClient{cc} +} + +func (c *dynamicValueMappingServiceClient) ListDynamicValueMappings(ctx context.Context, in *ListDynamicValueMappingsRequest, opts ...grpc.CallOption) (*ListDynamicValueMappingsResponse, error) { + out := new(ListDynamicValueMappingsResponse) + err := c.cc.Invoke(ctx, DynamicValueMappingService_ListDynamicValueMappings_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *dynamicValueMappingServiceClient) GetDynamicValueMapping(ctx context.Context, in *GetDynamicValueMappingRequest, opts ...grpc.CallOption) (*GetDynamicValueMappingResponse, error) { + out := new(GetDynamicValueMappingResponse) + err := c.cc.Invoke(ctx, DynamicValueMappingService_GetDynamicValueMapping_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *dynamicValueMappingServiceClient) CreateDynamicValueMapping(ctx context.Context, in *CreateDynamicValueMappingRequest, opts ...grpc.CallOption) (*CreateDynamicValueMappingResponse, error) { + out := new(CreateDynamicValueMappingResponse) + err := c.cc.Invoke(ctx, DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *dynamicValueMappingServiceClient) UpdateDynamicValueMapping(ctx context.Context, in *UpdateDynamicValueMappingRequest, opts ...grpc.CallOption) (*UpdateDynamicValueMappingResponse, error) { + out := new(UpdateDynamicValueMappingResponse) + err := c.cc.Invoke(ctx, DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *dynamicValueMappingServiceClient) DeleteDynamicValueMapping(ctx context.Context, in *DeleteDynamicValueMappingRequest, opts ...grpc.CallOption) (*DeleteDynamicValueMappingResponse, error) { + out := new(DeleteDynamicValueMappingResponse) + err := c.cc.Invoke(ctx, DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// DynamicValueMappingServiceServer is the server API for DynamicValueMappingService service. +// All implementations must embed UnimplementedDynamicValueMappingServiceServer +// for forward compatibility +type DynamicValueMappingServiceServer interface { + ListDynamicValueMappings(context.Context, *ListDynamicValueMappingsRequest) (*ListDynamicValueMappingsResponse, error) + GetDynamicValueMapping(context.Context, *GetDynamicValueMappingRequest) (*GetDynamicValueMappingResponse, error) + CreateDynamicValueMapping(context.Context, *CreateDynamicValueMappingRequest) (*CreateDynamicValueMappingResponse, error) + UpdateDynamicValueMapping(context.Context, *UpdateDynamicValueMappingRequest) (*UpdateDynamicValueMappingResponse, error) + DeleteDynamicValueMapping(context.Context, *DeleteDynamicValueMappingRequest) (*DeleteDynamicValueMappingResponse, error) + mustEmbedUnimplementedDynamicValueMappingServiceServer() +} + +// UnimplementedDynamicValueMappingServiceServer must be embedded to have forward compatible implementations. +type UnimplementedDynamicValueMappingServiceServer struct { +} + +func (UnimplementedDynamicValueMappingServiceServer) ListDynamicValueMappings(context.Context, *ListDynamicValueMappingsRequest) (*ListDynamicValueMappingsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListDynamicValueMappings not implemented") +} +func (UnimplementedDynamicValueMappingServiceServer) GetDynamicValueMapping(context.Context, *GetDynamicValueMappingRequest) (*GetDynamicValueMappingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetDynamicValueMapping not implemented") +} +func (UnimplementedDynamicValueMappingServiceServer) CreateDynamicValueMapping(context.Context, *CreateDynamicValueMappingRequest) (*CreateDynamicValueMappingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateDynamicValueMapping not implemented") +} +func (UnimplementedDynamicValueMappingServiceServer) UpdateDynamicValueMapping(context.Context, *UpdateDynamicValueMappingRequest) (*UpdateDynamicValueMappingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateDynamicValueMapping not implemented") +} +func (UnimplementedDynamicValueMappingServiceServer) DeleteDynamicValueMapping(context.Context, *DeleteDynamicValueMappingRequest) (*DeleteDynamicValueMappingResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteDynamicValueMapping not implemented") +} +func (UnimplementedDynamicValueMappingServiceServer) mustEmbedUnimplementedDynamicValueMappingServiceServer() { +} + +// UnsafeDynamicValueMappingServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to DynamicValueMappingServiceServer will +// result in compilation errors. +type UnsafeDynamicValueMappingServiceServer interface { + mustEmbedUnimplementedDynamicValueMappingServiceServer() +} + +func RegisterDynamicValueMappingServiceServer(s grpc.ServiceRegistrar, srv DynamicValueMappingServiceServer) { + s.RegisterService(&DynamicValueMappingService_ServiceDesc, srv) +} + +func _DynamicValueMappingService_ListDynamicValueMappings_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ListDynamicValueMappingsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DynamicValueMappingServiceServer).ListDynamicValueMappings(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: DynamicValueMappingService_ListDynamicValueMappings_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DynamicValueMappingServiceServer).ListDynamicValueMappings(ctx, req.(*ListDynamicValueMappingsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _DynamicValueMappingService_GetDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetDynamicValueMappingRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DynamicValueMappingServiceServer).GetDynamicValueMapping(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: DynamicValueMappingService_GetDynamicValueMapping_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DynamicValueMappingServiceServer).GetDynamicValueMapping(ctx, req.(*GetDynamicValueMappingRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _DynamicValueMappingService_CreateDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateDynamicValueMappingRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DynamicValueMappingServiceServer).CreateDynamicValueMapping(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: DynamicValueMappingService_CreateDynamicValueMapping_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DynamicValueMappingServiceServer).CreateDynamicValueMapping(ctx, req.(*CreateDynamicValueMappingRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _DynamicValueMappingService_UpdateDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UpdateDynamicValueMappingRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DynamicValueMappingServiceServer).UpdateDynamicValueMapping(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: DynamicValueMappingService_UpdateDynamicValueMapping_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DynamicValueMappingServiceServer).UpdateDynamicValueMapping(ctx, req.(*UpdateDynamicValueMappingRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _DynamicValueMappingService_DeleteDynamicValueMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteDynamicValueMappingRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(DynamicValueMappingServiceServer).DeleteDynamicValueMapping(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: DynamicValueMappingService_DeleteDynamicValueMapping_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(DynamicValueMappingServiceServer).DeleteDynamicValueMapping(ctx, req.(*DeleteDynamicValueMappingRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// DynamicValueMappingService_ServiceDesc is the grpc.ServiceDesc for DynamicValueMappingService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var DynamicValueMappingService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "policy.dynamicvaluemapping.DynamicValueMappingService", + HandlerType: (*DynamicValueMappingServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ListDynamicValueMappings", + Handler: _DynamicValueMappingService_ListDynamicValueMappings_Handler, + }, + { + MethodName: "GetDynamicValueMapping", + Handler: _DynamicValueMappingService_GetDynamicValueMapping_Handler, + }, + { + MethodName: "CreateDynamicValueMapping", + Handler: _DynamicValueMappingService_CreateDynamicValueMapping_Handler, + }, + { + MethodName: "UpdateDynamicValueMapping", + Handler: _DynamicValueMappingService_UpdateDynamicValueMapping_Handler, + }, + { + MethodName: "DeleteDynamicValueMapping", + Handler: _DynamicValueMappingService_DeleteDynamicValueMapping_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "policy/dynamicvaluemapping/dynamic_value_mapping.proto", +} diff --git a/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go b/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go new file mode 100644 index 0000000000..dfe90334f5 --- /dev/null +++ b/protocol/go/policy/dynamicvaluemapping/dynamicvaluemappingconnect/dynamic_value_mapping.connect.go @@ -0,0 +1,238 @@ +// Code generated by protoc-gen-connect-go. DO NOT EDIT. +// +// Source: policy/dynamicvaluemapping/dynamic_value_mapping.proto + +package dynamicvaluemappingconnect + +import ( + connect "connectrpc.com/connect" + context "context" + errors "errors" + dynamicvaluemapping "github.com/opentdf/platform/protocol/go/policy/dynamicvaluemapping" + http "net/http" + strings "strings" +) + +// This is a compile-time assertion to ensure that this generated file and the connect package are +// compatible. If you get a compiler error that this constant is not defined, this code was +// generated with a version of connect newer than the one compiled into your binary. You can fix the +// problem by either regenerating this code with an older version of connect or updating the connect +// version compiled into your binary. +const _ = connect.IsAtLeastVersion1_13_0 + +const ( + // DynamicValueMappingServiceName is the fully-qualified name of the DynamicValueMappingService + // service. + DynamicValueMappingServiceName = "policy.dynamicvaluemapping.DynamicValueMappingService" +) + +// These constants are the fully-qualified names of the RPCs defined in this package. They're +// exposed at runtime as Spec.Procedure and as the final two segments of the HTTP route. +// +// Note that these are different from the fully-qualified method names used by +// google.golang.org/protobuf/reflect/protoreflect. To convert from these constants to +// reflection-formatted method names, remove the leading slash and convert the remaining slash to a +// period. +const ( + // DynamicValueMappingServiceListDynamicValueMappingsProcedure is the fully-qualified name of the + // DynamicValueMappingService's ListDynamicValueMappings RPC. + DynamicValueMappingServiceListDynamicValueMappingsProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/ListDynamicValueMappings" + // DynamicValueMappingServiceGetDynamicValueMappingProcedure is the fully-qualified name of the + // DynamicValueMappingService's GetDynamicValueMapping RPC. + DynamicValueMappingServiceGetDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/GetDynamicValueMapping" + // DynamicValueMappingServiceCreateDynamicValueMappingProcedure is the fully-qualified name of the + // DynamicValueMappingService's CreateDynamicValueMapping RPC. + DynamicValueMappingServiceCreateDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/CreateDynamicValueMapping" + // DynamicValueMappingServiceUpdateDynamicValueMappingProcedure is the fully-qualified name of the + // DynamicValueMappingService's UpdateDynamicValueMapping RPC. + DynamicValueMappingServiceUpdateDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/UpdateDynamicValueMapping" + // DynamicValueMappingServiceDeleteDynamicValueMappingProcedure is the fully-qualified name of the + // DynamicValueMappingService's DeleteDynamicValueMapping RPC. + DynamicValueMappingServiceDeleteDynamicValueMappingProcedure = "/policy.dynamicvaluemapping.DynamicValueMappingService/DeleteDynamicValueMapping" +) + +// DynamicValueMappingServiceClient is a client for the +// policy.dynamicvaluemapping.DynamicValueMappingService service. +type DynamicValueMappingServiceClient interface { + ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) + GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) + CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) + UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) + DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) +} + +// NewDynamicValueMappingServiceClient constructs a client for the +// policy.dynamicvaluemapping.DynamicValueMappingService service. By default, it uses the Connect +// protocol with the binary Protobuf Codec, asks for gzipped responses, and sends uncompressed +// requests. To use the gRPC or gRPC-Web protocols, supply the connect.WithGRPC() or +// connect.WithGRPCWeb() options. +// +// The URL supplied here should be the base URL for the Connect or gRPC server (for example, +// http://api.acme.com or https://acme.com/grpc). +func NewDynamicValueMappingServiceClient(httpClient connect.HTTPClient, baseURL string, opts ...connect.ClientOption) DynamicValueMappingServiceClient { + baseURL = strings.TrimRight(baseURL, "/") + dynamicValueMappingServiceMethods := dynamicvaluemapping.File_policy_dynamicvaluemapping_dynamic_value_mapping_proto.Services().ByName("DynamicValueMappingService").Methods() + return &dynamicValueMappingServiceClient{ + listDynamicValueMappings: connect.NewClient[dynamicvaluemapping.ListDynamicValueMappingsRequest, dynamicvaluemapping.ListDynamicValueMappingsResponse]( + httpClient, + baseURL+DynamicValueMappingServiceListDynamicValueMappingsProcedure, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("ListDynamicValueMappings")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithClientOptions(opts...), + ), + getDynamicValueMapping: connect.NewClient[dynamicvaluemapping.GetDynamicValueMappingRequest, dynamicvaluemapping.GetDynamicValueMappingResponse]( + httpClient, + baseURL+DynamicValueMappingServiceGetDynamicValueMappingProcedure, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("GetDynamicValueMapping")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithClientOptions(opts...), + ), + createDynamicValueMapping: connect.NewClient[dynamicvaluemapping.CreateDynamicValueMappingRequest, dynamicvaluemapping.CreateDynamicValueMappingResponse]( + httpClient, + baseURL+DynamicValueMappingServiceCreateDynamicValueMappingProcedure, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("CreateDynamicValueMapping")), + connect.WithClientOptions(opts...), + ), + updateDynamicValueMapping: connect.NewClient[dynamicvaluemapping.UpdateDynamicValueMappingRequest, dynamicvaluemapping.UpdateDynamicValueMappingResponse]( + httpClient, + baseURL+DynamicValueMappingServiceUpdateDynamicValueMappingProcedure, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("UpdateDynamicValueMapping")), + connect.WithClientOptions(opts...), + ), + deleteDynamicValueMapping: connect.NewClient[dynamicvaluemapping.DeleteDynamicValueMappingRequest, dynamicvaluemapping.DeleteDynamicValueMappingResponse]( + httpClient, + baseURL+DynamicValueMappingServiceDeleteDynamicValueMappingProcedure, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("DeleteDynamicValueMapping")), + connect.WithClientOptions(opts...), + ), + } +} + +// dynamicValueMappingServiceClient implements DynamicValueMappingServiceClient. +type dynamicValueMappingServiceClient struct { + listDynamicValueMappings *connect.Client[dynamicvaluemapping.ListDynamicValueMappingsRequest, dynamicvaluemapping.ListDynamicValueMappingsResponse] + getDynamicValueMapping *connect.Client[dynamicvaluemapping.GetDynamicValueMappingRequest, dynamicvaluemapping.GetDynamicValueMappingResponse] + createDynamicValueMapping *connect.Client[dynamicvaluemapping.CreateDynamicValueMappingRequest, dynamicvaluemapping.CreateDynamicValueMappingResponse] + updateDynamicValueMapping *connect.Client[dynamicvaluemapping.UpdateDynamicValueMappingRequest, dynamicvaluemapping.UpdateDynamicValueMappingResponse] + deleteDynamicValueMapping *connect.Client[dynamicvaluemapping.DeleteDynamicValueMappingRequest, dynamicvaluemapping.DeleteDynamicValueMappingResponse] +} + +// ListDynamicValueMappings calls +// policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings. +func (c *dynamicValueMappingServiceClient) ListDynamicValueMappings(ctx context.Context, req *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) { + return c.listDynamicValueMappings.CallUnary(ctx, req) +} + +// GetDynamicValueMapping calls +// policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping. +func (c *dynamicValueMappingServiceClient) GetDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) { + return c.getDynamicValueMapping.CallUnary(ctx, req) +} + +// CreateDynamicValueMapping calls +// policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping. +func (c *dynamicValueMappingServiceClient) CreateDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) { + return c.createDynamicValueMapping.CallUnary(ctx, req) +} + +// UpdateDynamicValueMapping calls +// policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping. +func (c *dynamicValueMappingServiceClient) UpdateDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) { + return c.updateDynamicValueMapping.CallUnary(ctx, req) +} + +// DeleteDynamicValueMapping calls +// policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping. +func (c *dynamicValueMappingServiceClient) DeleteDynamicValueMapping(ctx context.Context, req *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) { + return c.deleteDynamicValueMapping.CallUnary(ctx, req) +} + +// DynamicValueMappingServiceHandler is an implementation of the +// policy.dynamicvaluemapping.DynamicValueMappingService service. +type DynamicValueMappingServiceHandler interface { + ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) + GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) + CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) + UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) + DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) +} + +// NewDynamicValueMappingServiceHandler builds an HTTP handler from the service implementation. It +// returns the path on which to mount the handler and the handler itself. +// +// By default, handlers support the Connect, gRPC, and gRPC-Web protocols with the binary Protobuf +// and JSON codecs. They also support gzip compression. +func NewDynamicValueMappingServiceHandler(svc DynamicValueMappingServiceHandler, opts ...connect.HandlerOption) (string, http.Handler) { + dynamicValueMappingServiceMethods := dynamicvaluemapping.File_policy_dynamicvaluemapping_dynamic_value_mapping_proto.Services().ByName("DynamicValueMappingService").Methods() + dynamicValueMappingServiceListDynamicValueMappingsHandler := connect.NewUnaryHandler( + DynamicValueMappingServiceListDynamicValueMappingsProcedure, + svc.ListDynamicValueMappings, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("ListDynamicValueMappings")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithHandlerOptions(opts...), + ) + dynamicValueMappingServiceGetDynamicValueMappingHandler := connect.NewUnaryHandler( + DynamicValueMappingServiceGetDynamicValueMappingProcedure, + svc.GetDynamicValueMapping, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("GetDynamicValueMapping")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithHandlerOptions(opts...), + ) + dynamicValueMappingServiceCreateDynamicValueMappingHandler := connect.NewUnaryHandler( + DynamicValueMappingServiceCreateDynamicValueMappingProcedure, + svc.CreateDynamicValueMapping, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("CreateDynamicValueMapping")), + connect.WithHandlerOptions(opts...), + ) + dynamicValueMappingServiceUpdateDynamicValueMappingHandler := connect.NewUnaryHandler( + DynamicValueMappingServiceUpdateDynamicValueMappingProcedure, + svc.UpdateDynamicValueMapping, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("UpdateDynamicValueMapping")), + connect.WithHandlerOptions(opts...), + ) + dynamicValueMappingServiceDeleteDynamicValueMappingHandler := connect.NewUnaryHandler( + DynamicValueMappingServiceDeleteDynamicValueMappingProcedure, + svc.DeleteDynamicValueMapping, + connect.WithSchema(dynamicValueMappingServiceMethods.ByName("DeleteDynamicValueMapping")), + connect.WithHandlerOptions(opts...), + ) + return "/policy.dynamicvaluemapping.DynamicValueMappingService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case DynamicValueMappingServiceListDynamicValueMappingsProcedure: + dynamicValueMappingServiceListDynamicValueMappingsHandler.ServeHTTP(w, r) + case DynamicValueMappingServiceGetDynamicValueMappingProcedure: + dynamicValueMappingServiceGetDynamicValueMappingHandler.ServeHTTP(w, r) + case DynamicValueMappingServiceCreateDynamicValueMappingProcedure: + dynamicValueMappingServiceCreateDynamicValueMappingHandler.ServeHTTP(w, r) + case DynamicValueMappingServiceUpdateDynamicValueMappingProcedure: + dynamicValueMappingServiceUpdateDynamicValueMappingHandler.ServeHTTP(w, r) + case DynamicValueMappingServiceDeleteDynamicValueMappingProcedure: + dynamicValueMappingServiceDeleteDynamicValueMappingHandler.ServeHTTP(w, r) + default: + http.NotFound(w, r) + } + }) +} + +// UnimplementedDynamicValueMappingServiceHandler returns CodeUnimplemented from all methods. +type UnimplementedDynamicValueMappingServiceHandler struct{} + +func (UnimplementedDynamicValueMappingServiceHandler) ListDynamicValueMappings(context.Context, *connect.Request[dynamicvaluemapping.ListDynamicValueMappingsRequest]) (*connect.Response[dynamicvaluemapping.ListDynamicValueMappingsResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.ListDynamicValueMappings is not implemented")) +} + +func (UnimplementedDynamicValueMappingServiceHandler) GetDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.GetDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.GetDynamicValueMappingResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.GetDynamicValueMapping is not implemented")) +} + +func (UnimplementedDynamicValueMappingServiceHandler) CreateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.CreateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.CreateDynamicValueMappingResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.CreateDynamicValueMapping is not implemented")) +} + +func (UnimplementedDynamicValueMappingServiceHandler) UpdateDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.UpdateDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.UpdateDynamicValueMappingResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.UpdateDynamicValueMapping is not implemented")) +} + +func (UnimplementedDynamicValueMappingServiceHandler) DeleteDynamicValueMapping(context.Context, *connect.Request[dynamicvaluemapping.DeleteDynamicValueMappingRequest]) (*connect.Response[dynamicvaluemapping.DeleteDynamicValueMappingResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.dynamicvaluemapping.DynamicValueMappingService.DeleteDynamicValueMapping is not implemented")) +} diff --git a/protocol/go/policy/objects.pb.go b/protocol/go/policy/objects.pb.go index b9eda84a37..4d90965eda 100644 --- a/protocol/go/policy/objects.pb.go +++ b/protocol/go/policy/objects.pb.go @@ -180,6 +180,64 @@ func (ConditionBooleanTypeEnum) EnumDescriptor() ([]byte, []int) { return file_policy_objects_proto_rawDescGZIP(), []int{2} } +// Operators for dynamic, definition-level value entitlement. Unlike +// SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into +// policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's +// attribute value segment, supplied at decision time. Each value is the inversion of its +// static SubjectMappingOperatorEnum counterpart. +type DynamicValueOperatorEnum int32 + +const ( + DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED DynamicValueOperatorEnum = 0 + // true when the requested resource value segment equals one of the values resolved by + // the selector against the entity representation (inversion of IN) + DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN DynamicValueOperatorEnum = 1 + // true when one of the selector-resolved entity values contains the requested resource + // value segment as a substring (inversion of IN_CONTAINS) + DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS DynamicValueOperatorEnum = 2 +) + +// Enum value maps for DynamicValueOperatorEnum. +var ( + DynamicValueOperatorEnum_name = map[int32]string{ + 0: "DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED", + 1: "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN", + 2: "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS", + } + DynamicValueOperatorEnum_value = map[string]int32{ + "DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED": 0, + "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN": 1, + "DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS": 2, + } +) + +func (x DynamicValueOperatorEnum) Enum() *DynamicValueOperatorEnum { + p := new(DynamicValueOperatorEnum) + *p = x + return p +} + +func (x DynamicValueOperatorEnum) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (DynamicValueOperatorEnum) Descriptor() protoreflect.EnumDescriptor { + return file_policy_objects_proto_enumTypes[3].Descriptor() +} + +func (DynamicValueOperatorEnum) Type() protoreflect.EnumType { + return &file_policy_objects_proto_enumTypes[3] +} + +func (x DynamicValueOperatorEnum) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use DynamicValueOperatorEnum.Descriptor instead. +func (DynamicValueOperatorEnum) EnumDescriptor() ([]byte, []int) { + return file_policy_objects_proto_rawDescGZIP(), []int{3} +} + // Describes whether this kas is managed by the organization or if they imported // the kas information from an external party. These two modes are necessary in order // to encrypt a tdf dek with an external parties kas public key. @@ -218,11 +276,11 @@ func (x SourceType) String() string { } func (SourceType) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[3].Descriptor() + return file_policy_objects_proto_enumTypes[4].Descriptor() } func (SourceType) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[3] + return &file_policy_objects_proto_enumTypes[4] } func (x SourceType) Number() protoreflect.EnumNumber { @@ -231,7 +289,7 @@ func (x SourceType) Number() protoreflect.EnumNumber { // Deprecated: Use SourceType.Descriptor instead. func (SourceType) EnumDescriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{3} + return file_policy_objects_proto_rawDescGZIP(), []int{4} } type KasPublicKeyAlgEnum int32 @@ -285,11 +343,11 @@ func (x KasPublicKeyAlgEnum) String() string { } func (KasPublicKeyAlgEnum) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[4].Descriptor() + return file_policy_objects_proto_enumTypes[5].Descriptor() } func (KasPublicKeyAlgEnum) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[4] + return &file_policy_objects_proto_enumTypes[5] } func (x KasPublicKeyAlgEnum) Number() protoreflect.EnumNumber { @@ -298,7 +356,7 @@ func (x KasPublicKeyAlgEnum) Number() protoreflect.EnumNumber { // Deprecated: Use KasPublicKeyAlgEnum.Descriptor instead. func (KasPublicKeyAlgEnum) EnumDescriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{4} + return file_policy_objects_proto_rawDescGZIP(), []int{5} } // Supported key algorithms. @@ -353,11 +411,11 @@ func (x Algorithm) String() string { } func (Algorithm) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[5].Descriptor() + return file_policy_objects_proto_enumTypes[6].Descriptor() } func (Algorithm) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[5] + return &file_policy_objects_proto_enumTypes[6] } func (x Algorithm) Number() protoreflect.EnumNumber { @@ -366,7 +424,7 @@ func (x Algorithm) Number() protoreflect.EnumNumber { // Deprecated: Use Algorithm.Descriptor instead. func (Algorithm) EnumDescriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{5} + return file_policy_objects_proto_rawDescGZIP(), []int{6} } // The status of the key @@ -403,11 +461,11 @@ func (x KeyStatus) String() string { } func (KeyStatus) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[6].Descriptor() + return file_policy_objects_proto_enumTypes[7].Descriptor() } func (KeyStatus) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[6] + return &file_policy_objects_proto_enumTypes[7] } func (x KeyStatus) Number() protoreflect.EnumNumber { @@ -416,7 +474,7 @@ func (x KeyStatus) Number() protoreflect.EnumNumber { // Deprecated: Use KeyStatus.Descriptor instead. func (KeyStatus) EnumDescriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{6} + return file_policy_objects_proto_rawDescGZIP(), []int{7} } // Describes the management and operational mode of a cryptographic key. @@ -472,11 +530,11 @@ func (x KeyMode) String() string { } func (KeyMode) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[7].Descriptor() + return file_policy_objects_proto_enumTypes[8].Descriptor() } func (KeyMode) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[7] + return &file_policy_objects_proto_enumTypes[8] } func (x KeyMode) Number() protoreflect.EnumNumber { @@ -485,7 +543,7 @@ func (x KeyMode) Number() protoreflect.EnumNumber { // Deprecated: Use KeyMode.Descriptor instead. func (KeyMode) EnumDescriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{7} + return file_policy_objects_proto_rawDescGZIP(), []int{8} } type Action_StandardAction int32 @@ -525,11 +583,11 @@ func (x Action_StandardAction) String() string { } func (Action_StandardAction) Descriptor() protoreflect.EnumDescriptor { - return file_policy_objects_proto_enumTypes[8].Descriptor() + return file_policy_objects_proto_enumTypes[9].Descriptor() } func (Action_StandardAction) Type() protoreflect.EnumType { - return &file_policy_objects_proto_enumTypes[8] + return &file_policy_objects_proto_enumTypes[9] } func (x Action_StandardAction) Number() protoreflect.EnumNumber { @@ -1331,6 +1389,174 @@ func (x *SubjectMapping) GetMetadata() *common.Metadata { return nil } +// Definition Value Resolver: the dynamic half of a DynamicValueMapping. It +// resolves a selector against the entity representation and compares the result to the +// requested resource value segment using a DynamicValueOperatorEnum. +type DynamicValueResolver struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // a selector for a field value on a flattened Entity Representation (such as from + // idP/LDAP), e.g. ".patientAssignments[]" + SubjectExternalSelectorValue string `protobuf:"bytes,1,opt,name=subject_external_selector_value,json=subjectExternalSelectorValue,proto3" json:"subject_external_selector_value,omitempty"` + // the dynamic operator comparing the selector result to the resource value segment + Operator DynamicValueOperatorEnum `protobuf:"varint,2,opt,name=operator,proto3,enum=policy.DynamicValueOperatorEnum" json:"operator,omitempty"` +} + +func (x *DynamicValueResolver) Reset() { + *x = DynamicValueResolver{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_objects_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DynamicValueResolver) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DynamicValueResolver) ProtoMessage() {} + +func (x *DynamicValueResolver) ProtoReflect() protoreflect.Message { + mi := &file_policy_objects_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DynamicValueResolver.ProtoReflect.Descriptor instead. +func (*DynamicValueResolver) Descriptor() ([]byte, []int) { + return file_policy_objects_proto_rawDescGZIP(), []int{8} +} + +func (x *DynamicValueResolver) GetSubjectExternalSelectorValue() string { + if x != nil { + return x.SubjectExternalSelectorValue + } + return "" +} + +func (x *DynamicValueResolver) GetOperator() DynamicValueOperatorEnum { + if x != nil { + return x.Operator + } + return DynamicValueOperatorEnum_DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED +} + +// Dynamic Value Mapping: a Policy assigning permitted action(s) to +// dynamically-requested values under an Attribute Definition. It raises entitlement +// authority from a concrete Attribute Value to the Attribute Definition: at decision time +// the value_resolver compares the requested resource value segment against the entity +// representation, avoiding pre-provisioning a value + subject mapping per discrete value. +type DynamicValueMapping struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // the Attribute Definition whose values are entitled dynamically + AttributeDefinition *Attribute `protobuf:"bytes,2,opt,name=attribute_definition,json=attributeDefinition,proto3" json:"attribute_definition,omitempty"` + // the dynamic resolver matched against the requested resource value segment + ValueResolver *DynamicValueResolver `protobuf:"bytes,3,opt,name=value_resolver,json=valueResolver,proto3" json:"value_resolver,omitempty"` + // optional static pre-gate on the entity, evaluated with normal SubjectConditionSet + // semantics (no dynamic overload). When present, both the gate and the resolver must + // pass for entitlement. + SubjectConditionSet *SubjectConditionSet `protobuf:"bytes,4,opt,name=subject_condition_set,json=subjectConditionSet,proto3" json:"subject_condition_set,omitempty"` + // the actions permitted by subjects in this mapping + Actions []*Action `protobuf:"bytes,5,rep,name=actions,proto3" json:"actions,omitempty"` + // the namespace containing this mapping + Namespace *Namespace `protobuf:"bytes,6,opt,name=namespace,proto3" json:"namespace,omitempty"` + Metadata *common.Metadata `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` +} + +func (x *DynamicValueMapping) Reset() { + *x = DynamicValueMapping{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_objects_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DynamicValueMapping) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DynamicValueMapping) ProtoMessage() {} + +func (x *DynamicValueMapping) ProtoReflect() protoreflect.Message { + mi := &file_policy_objects_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DynamicValueMapping.ProtoReflect.Descriptor instead. +func (*DynamicValueMapping) Descriptor() ([]byte, []int) { + return file_policy_objects_proto_rawDescGZIP(), []int{9} +} + +func (x *DynamicValueMapping) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *DynamicValueMapping) GetAttributeDefinition() *Attribute { + if x != nil { + return x.AttributeDefinition + } + return nil +} + +func (x *DynamicValueMapping) GetValueResolver() *DynamicValueResolver { + if x != nil { + return x.ValueResolver + } + return nil +} + +func (x *DynamicValueMapping) GetSubjectConditionSet() *SubjectConditionSet { + if x != nil { + return x.SubjectConditionSet + } + return nil +} + +func (x *DynamicValueMapping) GetActions() []*Action { + if x != nil { + return x.Actions + } + return nil +} + +func (x *DynamicValueMapping) GetNamespace() *Namespace { + if x != nil { + return x.Namespace + } + return nil +} + +func (x *DynamicValueMapping) GetMetadata() *common.Metadata { + if x != nil { + return x.Metadata + } + return nil +} + // * // A Condition defines a rule of @@ -1353,7 +1579,7 @@ type Condition struct { func (x *Condition) Reset() { *x = Condition{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[8] + mi := &file_policy_objects_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1366,7 +1592,7 @@ func (x *Condition) String() string { func (*Condition) ProtoMessage() {} func (x *Condition) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[8] + mi := &file_policy_objects_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1379,7 +1605,7 @@ func (x *Condition) ProtoReflect() protoreflect.Message { // Deprecated: Use Condition.ProtoReflect.Descriptor instead. func (*Condition) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{8} + return file_policy_objects_proto_rawDescGZIP(), []int{10} } func (x *Condition) GetSubjectExternalSelectorValue() string { @@ -1417,7 +1643,7 @@ type ConditionGroup struct { func (x *ConditionGroup) Reset() { *x = ConditionGroup{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[9] + mi := &file_policy_objects_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1430,7 +1656,7 @@ func (x *ConditionGroup) String() string { func (*ConditionGroup) ProtoMessage() {} func (x *ConditionGroup) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[9] + mi := &file_policy_objects_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1443,7 +1669,7 @@ func (x *ConditionGroup) ProtoReflect() protoreflect.Message { // Deprecated: Use ConditionGroup.ProtoReflect.Descriptor instead. func (*ConditionGroup) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{9} + return file_policy_objects_proto_rawDescGZIP(), []int{11} } func (x *ConditionGroup) GetConditions() []*Condition { @@ -1473,7 +1699,7 @@ type SubjectSet struct { func (x *SubjectSet) Reset() { *x = SubjectSet{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[10] + mi := &file_policy_objects_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1486,7 +1712,7 @@ func (x *SubjectSet) String() string { func (*SubjectSet) ProtoMessage() {} func (x *SubjectSet) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[10] + mi := &file_policy_objects_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1499,7 +1725,7 @@ func (x *SubjectSet) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectSet.ProtoReflect.Descriptor instead. func (*SubjectSet) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{10} + return file_policy_objects_proto_rawDescGZIP(), []int{12} } func (x *SubjectSet) GetConditionGroups() []*ConditionGroup { @@ -1531,7 +1757,7 @@ type SubjectConditionSet struct { func (x *SubjectConditionSet) Reset() { *x = SubjectConditionSet{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[11] + mi := &file_policy_objects_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1544,7 +1770,7 @@ func (x *SubjectConditionSet) String() string { func (*SubjectConditionSet) ProtoMessage() {} func (x *SubjectConditionSet) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[11] + mi := &file_policy_objects_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1557,7 +1783,7 @@ func (x *SubjectConditionSet) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectConditionSet.ProtoReflect.Descriptor instead. func (*SubjectConditionSet) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{11} + return file_policy_objects_proto_rawDescGZIP(), []int{13} } func (x *SubjectConditionSet) GetId() string { @@ -1610,7 +1836,7 @@ type SubjectProperty struct { func (x *SubjectProperty) Reset() { *x = SubjectProperty{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[12] + mi := &file_policy_objects_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1623,7 +1849,7 @@ func (x *SubjectProperty) String() string { func (*SubjectProperty) ProtoMessage() {} func (x *SubjectProperty) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[12] + mi := &file_policy_objects_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1636,7 +1862,7 @@ func (x *SubjectProperty) ProtoReflect() protoreflect.Message { // Deprecated: Use SubjectProperty.ProtoReflect.Descriptor instead. func (*SubjectProperty) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{12} + return file_policy_objects_proto_rawDescGZIP(), []int{14} } func (x *SubjectProperty) GetExternalSelectorValue() string { @@ -1675,7 +1901,7 @@ type ResourceMappingGroup struct { func (x *ResourceMappingGroup) Reset() { *x = ResourceMappingGroup{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[13] + mi := &file_policy_objects_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1688,7 +1914,7 @@ func (x *ResourceMappingGroup) String() string { func (*ResourceMappingGroup) ProtoMessage() {} func (x *ResourceMappingGroup) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[13] + mi := &file_policy_objects_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1701,7 +1927,7 @@ func (x *ResourceMappingGroup) ProtoReflect() protoreflect.Message { // Deprecated: Use ResourceMappingGroup.ProtoReflect.Descriptor instead. func (*ResourceMappingGroup) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{13} + return file_policy_objects_proto_rawDescGZIP(), []int{15} } func (x *ResourceMappingGroup) GetId() string { @@ -1756,7 +1982,7 @@ type ResourceMapping struct { func (x *ResourceMapping) Reset() { *x = ResourceMapping{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[14] + mi := &file_policy_objects_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1769,7 +1995,7 @@ func (x *ResourceMapping) String() string { func (*ResourceMapping) ProtoMessage() {} func (x *ResourceMapping) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[14] + mi := &file_policy_objects_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1782,7 +2008,7 @@ func (x *ResourceMapping) ProtoReflect() protoreflect.Message { // Deprecated: Use ResourceMapping.ProtoReflect.Descriptor instead. func (*ResourceMapping) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{14} + return file_policy_objects_proto_rawDescGZIP(), []int{16} } func (x *ResourceMapping) GetId() string { @@ -1845,7 +2071,7 @@ type KeyAccessServer struct { func (x *KeyAccessServer) Reset() { *x = KeyAccessServer{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[15] + mi := &file_policy_objects_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1858,7 +2084,7 @@ func (x *KeyAccessServer) String() string { func (*KeyAccessServer) ProtoMessage() {} func (x *KeyAccessServer) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[15] + mi := &file_policy_objects_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1871,7 +2097,7 @@ func (x *KeyAccessServer) ProtoReflect() protoreflect.Message { // Deprecated: Use KeyAccessServer.ProtoReflect.Descriptor instead. func (*KeyAccessServer) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{15} + return file_policy_objects_proto_rawDescGZIP(), []int{17} } func (x *KeyAccessServer) GetId() string { @@ -1941,7 +2167,7 @@ type Key struct { func (x *Key) Reset() { *x = Key{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[16] + mi := &file_policy_objects_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1954,7 +2180,7 @@ func (x *Key) String() string { func (*Key) ProtoMessage() {} func (x *Key) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[16] + mi := &file_policy_objects_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1967,7 +2193,7 @@ func (x *Key) ProtoReflect() protoreflect.Message { // Deprecated: Use Key.ProtoReflect.Descriptor instead. func (*Key) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{16} + return file_policy_objects_proto_rawDescGZIP(), []int{18} } func (x *Key) GetId() string { @@ -2032,7 +2258,7 @@ type KasPublicKey struct { func (x *KasPublicKey) Reset() { *x = KasPublicKey{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[17] + mi := &file_policy_objects_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2045,7 +2271,7 @@ func (x *KasPublicKey) String() string { func (*KasPublicKey) ProtoMessage() {} func (x *KasPublicKey) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[17] + mi := &file_policy_objects_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2058,7 +2284,7 @@ func (x *KasPublicKey) ProtoReflect() protoreflect.Message { // Deprecated: Use KasPublicKey.ProtoReflect.Descriptor instead. func (*KasPublicKey) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{17} + return file_policy_objects_proto_rawDescGZIP(), []int{19} } func (x *KasPublicKey) GetPem() string { @@ -2095,7 +2321,7 @@ type KasPublicKeySet struct { func (x *KasPublicKeySet) Reset() { *x = KasPublicKeySet{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[18] + mi := &file_policy_objects_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2108,7 +2334,7 @@ func (x *KasPublicKeySet) String() string { func (*KasPublicKeySet) ProtoMessage() {} func (x *KasPublicKeySet) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[18] + mi := &file_policy_objects_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2121,7 +2347,7 @@ func (x *KasPublicKeySet) ProtoReflect() protoreflect.Message { // Deprecated: Use KasPublicKeySet.ProtoReflect.Descriptor instead. func (*KasPublicKeySet) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{18} + return file_policy_objects_proto_rawDescGZIP(), []int{20} } func (x *KasPublicKeySet) GetKeys() []*KasPublicKey { @@ -2147,7 +2373,7 @@ type PublicKey struct { func (x *PublicKey) Reset() { *x = PublicKey{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[19] + mi := &file_policy_objects_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2160,7 +2386,7 @@ func (x *PublicKey) String() string { func (*PublicKey) ProtoMessage() {} func (x *PublicKey) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[19] + mi := &file_policy_objects_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2173,7 +2399,7 @@ func (x *PublicKey) ProtoReflect() protoreflect.Message { // Deprecated: Use PublicKey.ProtoReflect.Descriptor instead. func (*PublicKey) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{19} + return file_policy_objects_proto_rawDescGZIP(), []int{21} } func (m *PublicKey) GetPublicKey() isPublicKey_PublicKey { @@ -2231,7 +2457,7 @@ type RegisteredResource struct { func (x *RegisteredResource) Reset() { *x = RegisteredResource{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[20] + mi := &file_policy_objects_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2244,7 +2470,7 @@ func (x *RegisteredResource) String() string { func (*RegisteredResource) ProtoMessage() {} func (x *RegisteredResource) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[20] + mi := &file_policy_objects_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2257,7 +2483,7 @@ func (x *RegisteredResource) ProtoReflect() protoreflect.Message { // Deprecated: Use RegisteredResource.ProtoReflect.Descriptor instead. func (*RegisteredResource) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{20} + return file_policy_objects_proto_rawDescGZIP(), []int{22} } func (x *RegisteredResource) GetId() string { @@ -2312,7 +2538,7 @@ type RegisteredResourceValue struct { func (x *RegisteredResourceValue) Reset() { *x = RegisteredResourceValue{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[21] + mi := &file_policy_objects_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2325,7 +2551,7 @@ func (x *RegisteredResourceValue) String() string { func (*RegisteredResourceValue) ProtoMessage() {} func (x *RegisteredResourceValue) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[21] + mi := &file_policy_objects_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2338,7 +2564,7 @@ func (x *RegisteredResourceValue) ProtoReflect() protoreflect.Message { // Deprecated: Use RegisteredResourceValue.ProtoReflect.Descriptor instead. func (*RegisteredResourceValue) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{21} + return file_policy_objects_proto_rawDescGZIP(), []int{23} } func (x *RegisteredResourceValue) GetId() string { @@ -2394,7 +2620,7 @@ type PolicyEnforcementPoint struct { func (x *PolicyEnforcementPoint) Reset() { *x = PolicyEnforcementPoint{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[22] + mi := &file_policy_objects_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2407,7 +2633,7 @@ func (x *PolicyEnforcementPoint) String() string { func (*PolicyEnforcementPoint) ProtoMessage() {} func (x *PolicyEnforcementPoint) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[22] + mi := &file_policy_objects_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2420,7 +2646,7 @@ func (x *PolicyEnforcementPoint) ProtoReflect() protoreflect.Message { // Deprecated: Use PolicyEnforcementPoint.ProtoReflect.Descriptor instead. func (*PolicyEnforcementPoint) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{22} + return file_policy_objects_proto_rawDescGZIP(), []int{24} } func (x *PolicyEnforcementPoint) GetClientId() string { @@ -2442,7 +2668,7 @@ type RequestContext struct { func (x *RequestContext) Reset() { *x = RequestContext{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[23] + mi := &file_policy_objects_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2455,7 +2681,7 @@ func (x *RequestContext) String() string { func (*RequestContext) ProtoMessage() {} func (x *RequestContext) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[23] + mi := &file_policy_objects_proto_msgTypes[25] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2468,7 +2694,7 @@ func (x *RequestContext) ProtoReflect() protoreflect.Message { // Deprecated: Use RequestContext.ProtoReflect.Descriptor instead. func (*RequestContext) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{23} + return file_policy_objects_proto_rawDescGZIP(), []int{25} } func (x *RequestContext) GetPep() *PolicyEnforcementPoint { @@ -2494,7 +2720,7 @@ type Obligation struct { func (x *Obligation) Reset() { *x = Obligation{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[24] + mi := &file_policy_objects_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2507,7 +2733,7 @@ func (x *Obligation) String() string { func (*Obligation) ProtoMessage() {} func (x *Obligation) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[24] + mi := &file_policy_objects_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2520,7 +2746,7 @@ func (x *Obligation) ProtoReflect() protoreflect.Message { // Deprecated: Use Obligation.ProtoReflect.Descriptor instead. func (*Obligation) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{24} + return file_policy_objects_proto_rawDescGZIP(), []int{26} } func (x *Obligation) GetId() string { @@ -2581,7 +2807,7 @@ type ObligationValue struct { func (x *ObligationValue) Reset() { *x = ObligationValue{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[25] + mi := &file_policy_objects_proto_msgTypes[27] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2594,7 +2820,7 @@ func (x *ObligationValue) String() string { func (*ObligationValue) ProtoMessage() {} func (x *ObligationValue) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[25] + mi := &file_policy_objects_proto_msgTypes[27] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2607,7 +2833,7 @@ func (x *ObligationValue) ProtoReflect() protoreflect.Message { // Deprecated: Use ObligationValue.ProtoReflect.Descriptor instead. func (*ObligationValue) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{25} + return file_policy_objects_proto_rawDescGZIP(), []int{27} } func (x *ObligationValue) GetId() string { @@ -2670,7 +2896,7 @@ type ObligationTrigger struct { func (x *ObligationTrigger) Reset() { *x = ObligationTrigger{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[26] + mi := &file_policy_objects_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2683,7 +2909,7 @@ func (x *ObligationTrigger) String() string { func (*ObligationTrigger) ProtoMessage() {} func (x *ObligationTrigger) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[26] + mi := &file_policy_objects_proto_msgTypes[28] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2696,7 +2922,7 @@ func (x *ObligationTrigger) ProtoReflect() protoreflect.Message { // Deprecated: Use ObligationTrigger.ProtoReflect.Descriptor instead. func (*ObligationTrigger) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{26} + return file_policy_objects_proto_rawDescGZIP(), []int{28} } func (x *ObligationTrigger) GetId() string { @@ -2761,7 +2987,7 @@ type KasKey struct { func (x *KasKey) Reset() { *x = KasKey{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[27] + mi := &file_policy_objects_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2774,7 +3000,7 @@ func (x *KasKey) String() string { func (*KasKey) ProtoMessage() {} func (x *KasKey) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[27] + mi := &file_policy_objects_proto_msgTypes[29] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2787,7 +3013,7 @@ func (x *KasKey) ProtoReflect() protoreflect.Message { // Deprecated: Use KasKey.ProtoReflect.Descriptor instead. func (*KasKey) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{27} + return file_policy_objects_proto_rawDescGZIP(), []int{29} } func (x *KasKey) GetKasId() string { @@ -2823,7 +3049,7 @@ type PublicKeyCtx struct { func (x *PublicKeyCtx) Reset() { *x = PublicKeyCtx{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[28] + mi := &file_policy_objects_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2836,7 +3062,7 @@ func (x *PublicKeyCtx) String() string { func (*PublicKeyCtx) ProtoMessage() {} func (x *PublicKeyCtx) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[28] + mi := &file_policy_objects_proto_msgTypes[30] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2849,7 +3075,7 @@ func (x *PublicKeyCtx) ProtoReflect() protoreflect.Message { // Deprecated: Use PublicKeyCtx.ProtoReflect.Descriptor instead. func (*PublicKeyCtx) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{28} + return file_policy_objects_proto_rawDescGZIP(), []int{30} } func (x *PublicKeyCtx) GetPem() string { @@ -2873,7 +3099,7 @@ type PrivateKeyCtx struct { func (x *PrivateKeyCtx) Reset() { *x = PrivateKeyCtx{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[29] + mi := &file_policy_objects_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2886,7 +3112,7 @@ func (x *PrivateKeyCtx) String() string { func (*PrivateKeyCtx) ProtoMessage() {} func (x *PrivateKeyCtx) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[29] + mi := &file_policy_objects_proto_msgTypes[31] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2899,7 +3125,7 @@ func (x *PrivateKeyCtx) ProtoReflect() protoreflect.Message { // Deprecated: Use PrivateKeyCtx.ProtoReflect.Descriptor instead. func (*PrivateKeyCtx) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{29} + return file_policy_objects_proto_rawDescGZIP(), []int{31} } func (x *PrivateKeyCtx) GetKeyId() string { @@ -2946,7 +3172,7 @@ type AsymmetricKey struct { func (x *AsymmetricKey) Reset() { *x = AsymmetricKey{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[30] + mi := &file_policy_objects_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2959,7 +3185,7 @@ func (x *AsymmetricKey) String() string { func (*AsymmetricKey) ProtoMessage() {} func (x *AsymmetricKey) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[30] + mi := &file_policy_objects_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2972,7 +3198,7 @@ func (x *AsymmetricKey) ProtoReflect() protoreflect.Message { // Deprecated: Use AsymmetricKey.ProtoReflect.Descriptor instead. func (*AsymmetricKey) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{30} + return file_policy_objects_proto_rawDescGZIP(), []int{32} } func (x *AsymmetricKey) GetId() string { @@ -3063,7 +3289,7 @@ type SymmetricKey struct { func (x *SymmetricKey) Reset() { *x = SymmetricKey{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[31] + mi := &file_policy_objects_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3076,7 +3302,7 @@ func (x *SymmetricKey) String() string { func (*SymmetricKey) ProtoMessage() {} func (x *SymmetricKey) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[31] + mi := &file_policy_objects_proto_msgTypes[33] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3089,7 +3315,7 @@ func (x *SymmetricKey) ProtoReflect() protoreflect.Message { // Deprecated: Use SymmetricKey.ProtoReflect.Descriptor instead. func (*SymmetricKey) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{31} + return file_policy_objects_proto_rawDescGZIP(), []int{33} } func (x *SymmetricKey) GetId() string { @@ -3156,7 +3382,7 @@ type RegisteredResourceValue_ActionAttributeValue struct { func (x *RegisteredResourceValue_ActionAttributeValue) Reset() { *x = RegisteredResourceValue_ActionAttributeValue{} if protoimpl.UnsafeEnabled { - mi := &file_policy_objects_proto_msgTypes[32] + mi := &file_policy_objects_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3169,7 +3395,7 @@ func (x *RegisteredResourceValue_ActionAttributeValue) String() string { func (*RegisteredResourceValue_ActionAttributeValue) ProtoMessage() {} func (x *RegisteredResourceValue_ActionAttributeValue) ProtoReflect() protoreflect.Message { - mi := &file_policy_objects_proto_msgTypes[32] + mi := &file_policy_objects_proto_msgTypes[34] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3182,7 +3408,7 @@ func (x *RegisteredResourceValue_ActionAttributeValue) ProtoReflect() protorefle // Deprecated: Use RegisteredResourceValue_ActionAttributeValue.ProtoReflect.Descriptor instead. func (*RegisteredResourceValue_ActionAttributeValue) Descriptor() ([]byte, []int) { - return file_policy_objects_proto_rawDescGZIP(), []int{21, 0} + return file_policy_objects_proto_rawDescGZIP(), []int{23, 0} } func (x *RegisteredResourceValue_ActionAttributeValue) GetId() string { @@ -3367,6 +3593,42 @@ var file_policy_objects_proto_rawDesc = []byte{ 0x61, 0x63, 0x65, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xb0, 0x01, 0x0a, + 0x14, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, + 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x4d, 0x0a, 0x1f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x06, + 0xba, 0x48, 0x03, 0xc8, 0x01, 0x01, 0x52, 0x1c, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x45, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x12, 0x49, 0x0a, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x65, 0x72, + 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x75, 0x6d, 0x42, 0x0b, 0xba, 0x48, 0x08, 0xc8, 0x01, 0x01, + 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x08, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x22, + 0x8a, 0x03, 0x0a, 0x13, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x44, 0x0a, 0x14, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x13, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, + 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, + 0x65, 0x72, 0x12, 0x4f, 0x0a, 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, + 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x52, 0x13, + 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x65, 0x74, 0x12, 0x28, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2f, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x2c, + 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xe9, 0x01, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x1f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x73, @@ -3740,79 +4002,90 @@ var file_policy_objects_proto_rawDesc = []byte{ 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, - 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x5d, 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, - 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, - 0x4e, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x9b, 0x03, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, - 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, - 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, + 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0xb6, 0x01, 0x0a, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, + 0x6e, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x27, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, + 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, + 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x31, 0x0a, 0x2d, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, + 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, + 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x49, + 0x4e, 0x10, 0x01, 0x12, 0x3a, 0x0a, 0x36, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, + 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, + 0x55, 0x4d, 0x5f, 0x52, 0x45, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x56, 0x41, 0x4c, 0x55, + 0x45, 0x5f, 0x49, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x53, 0x10, 0x02, 0x2a, + 0x5d, 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, + 0x17, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, + 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, + 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, + 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, + 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x9b, + 0x03, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, + 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, - 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, - 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, - 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, - 0x10, 0x02, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, - 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, - 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24, - 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, - 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, - 0x38, 0x34, 0x52, 0x31, 0x10, 0x06, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, + 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, + 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, + 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, + 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, + 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x28, 0x0a, 0x24, 0x4b, + 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, + 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, + 0x36, 0x52, 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, + 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, + 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x10, 0x06, 0x12, + 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, + 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, + 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x4b, 0x41, 0x53, + 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, + 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10, + 0x0a, 0x12, 0x33, 0x0a, 0x2f, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, + 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, + 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, + 0x4d, 0x37, 0x36, 0x38, 0x10, 0x0b, 0x12, 0x34, 0x0a, 0x30, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, - 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, - 0x12, 0x26, 0x0a, 0x22, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, - 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, - 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10, 0x0a, 0x12, 0x33, 0x0a, 0x2f, 0x4b, 0x41, 0x53, 0x5f, - 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, - 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, - 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x0b, 0x12, 0x34, 0x0a, - 0x30, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, - 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, - 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, - 0x34, 0x10, 0x0c, 0x2a, 0x84, 0x02, 0x0a, 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, - 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, - 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, - 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, - 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, - 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, - 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, - 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, - 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, - 0x05, 0x12, 0x18, 0x0a, 0x14, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, - 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, 0x4e, 0x47, 0x10, 0x06, 0x12, 0x25, 0x0a, 0x21, 0x41, + 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, + 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, 0x34, 0x10, 0x0c, 0x2a, 0x84, 0x02, 0x0a, + 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, + 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, + 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, + 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a, + 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, + 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, + 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, + 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, + 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, + 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, 0x05, 0x12, 0x18, 0x0a, 0x14, 0x41, 0x4c, + 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x58, 0x57, 0x49, + 0x4e, 0x47, 0x10, 0x06, 0x12, 0x25, 0x0a, 0x21, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, + 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, + 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, - 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x37, 0x36, 0x38, - 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, - 0x48, 0x50, 0x51, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, - 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, 0x34, 0x10, 0x08, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65, - 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, - 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, - 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44, - 0x10, 0x02, 0x2a, 0x94, 0x01, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, - 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, - 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, - 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, - 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x01, 0x12, 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, - 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, - 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, - 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, - 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, - 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, - 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, - 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x4d, 0x4c, 0x4b, 0x45, 0x4d, 0x31, 0x30, 0x32, + 0x34, 0x10, 0x08, 0x2a, 0x56, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, + 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56, + 0x45, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, + 0x53, 0x5f, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x2a, 0x94, 0x01, 0x0a, 0x07, + 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d, + 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, + 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x43, 0x4f, + 0x4e, 0x46, 0x49, 0x47, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x01, 0x12, + 0x1e, 0x0a, 0x1a, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x56, + 0x49, 0x44, 0x45, 0x52, 0x5f, 0x52, 0x4f, 0x4f, 0x54, 0x5f, 0x4b, 0x45, 0x59, 0x10, 0x02, 0x12, + 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, + 0x54, 0x45, 0x10, 0x03, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, + 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, + 0x10, 0x04, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, + 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, + 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3827,148 +4100,158 @@ func file_policy_objects_proto_rawDescGZIP() []byte { return file_policy_objects_proto_rawDescData } -var file_policy_objects_proto_enumTypes = make([]protoimpl.EnumInfo, 9) -var file_policy_objects_proto_msgTypes = make([]protoimpl.MessageInfo, 33) +var file_policy_objects_proto_enumTypes = make([]protoimpl.EnumInfo, 10) +var file_policy_objects_proto_msgTypes = make([]protoimpl.MessageInfo, 35) var file_policy_objects_proto_goTypes = []interface{}{ - (AttributeRuleTypeEnum)(0), // 0: policy.AttributeRuleTypeEnum - (SubjectMappingOperatorEnum)(0), // 1: policy.SubjectMappingOperatorEnum - (ConditionBooleanTypeEnum)(0), // 2: policy.ConditionBooleanTypeEnum - (SourceType)(0), // 3: policy.SourceType - (KasPublicKeyAlgEnum)(0), // 4: policy.KasPublicKeyAlgEnum - (Algorithm)(0), // 5: policy.Algorithm - (KeyStatus)(0), // 6: policy.KeyStatus - (KeyMode)(0), // 7: policy.KeyMode - (Action_StandardAction)(0), // 8: policy.Action.StandardAction - (*SimpleKasPublicKey)(nil), // 9: policy.SimpleKasPublicKey - (*SimpleKasKey)(nil), // 10: policy.SimpleKasKey - (*KeyProviderConfig)(nil), // 11: policy.KeyProviderConfig - (*Namespace)(nil), // 12: policy.Namespace - (*Attribute)(nil), // 13: policy.Attribute - (*Value)(nil), // 14: policy.Value - (*Action)(nil), // 15: policy.Action - (*SubjectMapping)(nil), // 16: policy.SubjectMapping - (*Condition)(nil), // 17: policy.Condition - (*ConditionGroup)(nil), // 18: policy.ConditionGroup - (*SubjectSet)(nil), // 19: policy.SubjectSet - (*SubjectConditionSet)(nil), // 20: policy.SubjectConditionSet - (*SubjectProperty)(nil), // 21: policy.SubjectProperty - (*ResourceMappingGroup)(nil), // 22: policy.ResourceMappingGroup - (*ResourceMapping)(nil), // 23: policy.ResourceMapping - (*KeyAccessServer)(nil), // 24: policy.KeyAccessServer - (*Key)(nil), // 25: policy.Key - (*KasPublicKey)(nil), // 26: policy.KasPublicKey - (*KasPublicKeySet)(nil), // 27: policy.KasPublicKeySet - (*PublicKey)(nil), // 28: policy.PublicKey - (*RegisteredResource)(nil), // 29: policy.RegisteredResource - (*RegisteredResourceValue)(nil), // 30: policy.RegisteredResourceValue - (*PolicyEnforcementPoint)(nil), // 31: policy.PolicyEnforcementPoint - (*RequestContext)(nil), // 32: policy.RequestContext - (*Obligation)(nil), // 33: policy.Obligation - (*ObligationValue)(nil), // 34: policy.ObligationValue - (*ObligationTrigger)(nil), // 35: policy.ObligationTrigger - (*KasKey)(nil), // 36: policy.KasKey - (*PublicKeyCtx)(nil), // 37: policy.PublicKeyCtx - (*PrivateKeyCtx)(nil), // 38: policy.PrivateKeyCtx - (*AsymmetricKey)(nil), // 39: policy.AsymmetricKey - (*SymmetricKey)(nil), // 40: policy.SymmetricKey - (*RegisteredResourceValue_ActionAttributeValue)(nil), // 41: policy.RegisteredResourceValue.ActionAttributeValue - (*common.Metadata)(nil), // 42: common.Metadata - (*wrapperspb.BoolValue)(nil), // 43: google.protobuf.BoolValue + (AttributeRuleTypeEnum)(0), // 0: policy.AttributeRuleTypeEnum + (SubjectMappingOperatorEnum)(0), // 1: policy.SubjectMappingOperatorEnum + (ConditionBooleanTypeEnum)(0), // 2: policy.ConditionBooleanTypeEnum + (DynamicValueOperatorEnum)(0), // 3: policy.DynamicValueOperatorEnum + (SourceType)(0), // 4: policy.SourceType + (KasPublicKeyAlgEnum)(0), // 5: policy.KasPublicKeyAlgEnum + (Algorithm)(0), // 6: policy.Algorithm + (KeyStatus)(0), // 7: policy.KeyStatus + (KeyMode)(0), // 8: policy.KeyMode + (Action_StandardAction)(0), // 9: policy.Action.StandardAction + (*SimpleKasPublicKey)(nil), // 10: policy.SimpleKasPublicKey + (*SimpleKasKey)(nil), // 11: policy.SimpleKasKey + (*KeyProviderConfig)(nil), // 12: policy.KeyProviderConfig + (*Namespace)(nil), // 13: policy.Namespace + (*Attribute)(nil), // 14: policy.Attribute + (*Value)(nil), // 15: policy.Value + (*Action)(nil), // 16: policy.Action + (*SubjectMapping)(nil), // 17: policy.SubjectMapping + (*DynamicValueResolver)(nil), // 18: policy.DynamicValueResolver + (*DynamicValueMapping)(nil), // 19: policy.DynamicValueMapping + (*Condition)(nil), // 20: policy.Condition + (*ConditionGroup)(nil), // 21: policy.ConditionGroup + (*SubjectSet)(nil), // 22: policy.SubjectSet + (*SubjectConditionSet)(nil), // 23: policy.SubjectConditionSet + (*SubjectProperty)(nil), // 24: policy.SubjectProperty + (*ResourceMappingGroup)(nil), // 25: policy.ResourceMappingGroup + (*ResourceMapping)(nil), // 26: policy.ResourceMapping + (*KeyAccessServer)(nil), // 27: policy.KeyAccessServer + (*Key)(nil), // 28: policy.Key + (*KasPublicKey)(nil), // 29: policy.KasPublicKey + (*KasPublicKeySet)(nil), // 30: policy.KasPublicKeySet + (*PublicKey)(nil), // 31: policy.PublicKey + (*RegisteredResource)(nil), // 32: policy.RegisteredResource + (*RegisteredResourceValue)(nil), // 33: policy.RegisteredResourceValue + (*PolicyEnforcementPoint)(nil), // 34: policy.PolicyEnforcementPoint + (*RequestContext)(nil), // 35: policy.RequestContext + (*Obligation)(nil), // 36: policy.Obligation + (*ObligationValue)(nil), // 37: policy.ObligationValue + (*ObligationTrigger)(nil), // 38: policy.ObligationTrigger + (*KasKey)(nil), // 39: policy.KasKey + (*PublicKeyCtx)(nil), // 40: policy.PublicKeyCtx + (*PrivateKeyCtx)(nil), // 41: policy.PrivateKeyCtx + (*AsymmetricKey)(nil), // 42: policy.AsymmetricKey + (*SymmetricKey)(nil), // 43: policy.SymmetricKey + (*RegisteredResourceValue_ActionAttributeValue)(nil), // 44: policy.RegisteredResourceValue.ActionAttributeValue + (*common.Metadata)(nil), // 45: common.Metadata + (*wrapperspb.BoolValue)(nil), // 46: google.protobuf.BoolValue } var file_policy_objects_proto_depIdxs = []int32{ - 5, // 0: policy.SimpleKasPublicKey.algorithm:type_name -> policy.Algorithm - 9, // 1: policy.SimpleKasKey.public_key:type_name -> policy.SimpleKasPublicKey - 42, // 2: policy.KeyProviderConfig.metadata:type_name -> common.Metadata - 43, // 3: policy.Namespace.active:type_name -> google.protobuf.BoolValue - 42, // 4: policy.Namespace.metadata:type_name -> common.Metadata - 24, // 5: policy.Namespace.grants:type_name -> policy.KeyAccessServer - 10, // 6: policy.Namespace.kas_keys:type_name -> policy.SimpleKasKey - 12, // 7: policy.Attribute.namespace:type_name -> policy.Namespace + 6, // 0: policy.SimpleKasPublicKey.algorithm:type_name -> policy.Algorithm + 10, // 1: policy.SimpleKasKey.public_key:type_name -> policy.SimpleKasPublicKey + 45, // 2: policy.KeyProviderConfig.metadata:type_name -> common.Metadata + 46, // 3: policy.Namespace.active:type_name -> google.protobuf.BoolValue + 45, // 4: policy.Namespace.metadata:type_name -> common.Metadata + 27, // 5: policy.Namespace.grants:type_name -> policy.KeyAccessServer + 11, // 6: policy.Namespace.kas_keys:type_name -> policy.SimpleKasKey + 13, // 7: policy.Attribute.namespace:type_name -> policy.Namespace 0, // 8: policy.Attribute.rule:type_name -> policy.AttributeRuleTypeEnum - 14, // 9: policy.Attribute.values:type_name -> policy.Value - 24, // 10: policy.Attribute.grants:type_name -> policy.KeyAccessServer - 43, // 11: policy.Attribute.active:type_name -> google.protobuf.BoolValue - 10, // 12: policy.Attribute.kas_keys:type_name -> policy.SimpleKasKey - 43, // 13: policy.Attribute.allow_traversal:type_name -> google.protobuf.BoolValue - 42, // 14: policy.Attribute.metadata:type_name -> common.Metadata - 13, // 15: policy.Value.attribute:type_name -> policy.Attribute - 24, // 16: policy.Value.grants:type_name -> policy.KeyAccessServer - 43, // 17: policy.Value.active:type_name -> google.protobuf.BoolValue - 16, // 18: policy.Value.subject_mappings:type_name -> policy.SubjectMapping - 10, // 19: policy.Value.kas_keys:type_name -> policy.SimpleKasKey - 23, // 20: policy.Value.resource_mappings:type_name -> policy.ResourceMapping - 33, // 21: policy.Value.obligations:type_name -> policy.Obligation - 42, // 22: policy.Value.metadata:type_name -> common.Metadata - 8, // 23: policy.Action.standard:type_name -> policy.Action.StandardAction - 12, // 24: policy.Action.namespace:type_name -> policy.Namespace - 42, // 25: policy.Action.metadata:type_name -> common.Metadata - 14, // 26: policy.SubjectMapping.attribute_value:type_name -> policy.Value - 20, // 27: policy.SubjectMapping.subject_condition_set:type_name -> policy.SubjectConditionSet - 15, // 28: policy.SubjectMapping.actions:type_name -> policy.Action - 12, // 29: policy.SubjectMapping.namespace:type_name -> policy.Namespace - 42, // 30: policy.SubjectMapping.metadata:type_name -> common.Metadata - 1, // 31: policy.Condition.operator:type_name -> policy.SubjectMappingOperatorEnum - 17, // 32: policy.ConditionGroup.conditions:type_name -> policy.Condition - 2, // 33: policy.ConditionGroup.boolean_operator:type_name -> policy.ConditionBooleanTypeEnum - 18, // 34: policy.SubjectSet.condition_groups:type_name -> policy.ConditionGroup - 12, // 35: policy.SubjectConditionSet.namespace:type_name -> policy.Namespace - 19, // 36: policy.SubjectConditionSet.subject_sets:type_name -> policy.SubjectSet - 42, // 37: policy.SubjectConditionSet.metadata:type_name -> common.Metadata - 42, // 38: policy.ResourceMappingGroup.metadata:type_name -> common.Metadata - 42, // 39: policy.ResourceMapping.metadata:type_name -> common.Metadata - 14, // 40: policy.ResourceMapping.attribute_value:type_name -> policy.Value - 22, // 41: policy.ResourceMapping.group:type_name -> policy.ResourceMappingGroup - 28, // 42: policy.KeyAccessServer.public_key:type_name -> policy.PublicKey - 3, // 43: policy.KeyAccessServer.source_type:type_name -> policy.SourceType - 10, // 44: policy.KeyAccessServer.kas_keys:type_name -> policy.SimpleKasKey - 42, // 45: policy.KeyAccessServer.metadata:type_name -> common.Metadata - 43, // 46: policy.Key.is_active:type_name -> google.protobuf.BoolValue - 43, // 47: policy.Key.was_mapped:type_name -> google.protobuf.BoolValue - 26, // 48: policy.Key.public_key:type_name -> policy.KasPublicKey - 24, // 49: policy.Key.kas:type_name -> policy.KeyAccessServer - 42, // 50: policy.Key.metadata:type_name -> common.Metadata - 4, // 51: policy.KasPublicKey.alg:type_name -> policy.KasPublicKeyAlgEnum - 26, // 52: policy.KasPublicKeySet.keys:type_name -> policy.KasPublicKey - 27, // 53: policy.PublicKey.cached:type_name -> policy.KasPublicKeySet - 30, // 54: policy.RegisteredResource.values:type_name -> policy.RegisteredResourceValue - 12, // 55: policy.RegisteredResource.namespace:type_name -> policy.Namespace - 42, // 56: policy.RegisteredResource.metadata:type_name -> common.Metadata - 29, // 57: policy.RegisteredResourceValue.resource:type_name -> policy.RegisteredResource - 41, // 58: policy.RegisteredResourceValue.action_attribute_values:type_name -> policy.RegisteredResourceValue.ActionAttributeValue - 42, // 59: policy.RegisteredResourceValue.metadata:type_name -> common.Metadata - 31, // 60: policy.RequestContext.pep:type_name -> policy.PolicyEnforcementPoint - 12, // 61: policy.Obligation.namespace:type_name -> policy.Namespace - 34, // 62: policy.Obligation.values:type_name -> policy.ObligationValue - 42, // 63: policy.Obligation.metadata:type_name -> common.Metadata - 33, // 64: policy.ObligationValue.obligation:type_name -> policy.Obligation - 35, // 65: policy.ObligationValue.triggers:type_name -> policy.ObligationTrigger - 42, // 66: policy.ObligationValue.metadata:type_name -> common.Metadata - 34, // 67: policy.ObligationTrigger.obligation_value:type_name -> policy.ObligationValue - 15, // 68: policy.ObligationTrigger.action:type_name -> policy.Action - 14, // 69: policy.ObligationTrigger.attribute_value:type_name -> policy.Value - 32, // 70: policy.ObligationTrigger.context:type_name -> policy.RequestContext - 12, // 71: policy.ObligationTrigger.namespace:type_name -> policy.Namespace - 42, // 72: policy.ObligationTrigger.metadata:type_name -> common.Metadata - 39, // 73: policy.KasKey.key:type_name -> policy.AsymmetricKey - 5, // 74: policy.AsymmetricKey.key_algorithm:type_name -> policy.Algorithm - 6, // 75: policy.AsymmetricKey.key_status:type_name -> policy.KeyStatus - 7, // 76: policy.AsymmetricKey.key_mode:type_name -> policy.KeyMode - 37, // 77: policy.AsymmetricKey.public_key_ctx:type_name -> policy.PublicKeyCtx - 38, // 78: policy.AsymmetricKey.private_key_ctx:type_name -> policy.PrivateKeyCtx - 11, // 79: policy.AsymmetricKey.provider_config:type_name -> policy.KeyProviderConfig - 42, // 80: policy.AsymmetricKey.metadata:type_name -> common.Metadata - 6, // 81: policy.SymmetricKey.key_status:type_name -> policy.KeyStatus - 7, // 82: policy.SymmetricKey.key_mode:type_name -> policy.KeyMode - 11, // 83: policy.SymmetricKey.provider_config:type_name -> policy.KeyProviderConfig - 42, // 84: policy.SymmetricKey.metadata:type_name -> common.Metadata - 15, // 85: policy.RegisteredResourceValue.ActionAttributeValue.action:type_name -> policy.Action - 14, // 86: policy.RegisteredResourceValue.ActionAttributeValue.attribute_value:type_name -> policy.Value - 42, // 87: policy.RegisteredResourceValue.ActionAttributeValue.metadata:type_name -> common.Metadata - 88, // [88:88] is the sub-list for method output_type - 88, // [88:88] is the sub-list for method input_type - 88, // [88:88] is the sub-list for extension type_name - 88, // [88:88] is the sub-list for extension extendee - 0, // [0:88] is the sub-list for field type_name + 15, // 9: policy.Attribute.values:type_name -> policy.Value + 27, // 10: policy.Attribute.grants:type_name -> policy.KeyAccessServer + 46, // 11: policy.Attribute.active:type_name -> google.protobuf.BoolValue + 11, // 12: policy.Attribute.kas_keys:type_name -> policy.SimpleKasKey + 46, // 13: policy.Attribute.allow_traversal:type_name -> google.protobuf.BoolValue + 45, // 14: policy.Attribute.metadata:type_name -> common.Metadata + 14, // 15: policy.Value.attribute:type_name -> policy.Attribute + 27, // 16: policy.Value.grants:type_name -> policy.KeyAccessServer + 46, // 17: policy.Value.active:type_name -> google.protobuf.BoolValue + 17, // 18: policy.Value.subject_mappings:type_name -> policy.SubjectMapping + 11, // 19: policy.Value.kas_keys:type_name -> policy.SimpleKasKey + 26, // 20: policy.Value.resource_mappings:type_name -> policy.ResourceMapping + 36, // 21: policy.Value.obligations:type_name -> policy.Obligation + 45, // 22: policy.Value.metadata:type_name -> common.Metadata + 9, // 23: policy.Action.standard:type_name -> policy.Action.StandardAction + 13, // 24: policy.Action.namespace:type_name -> policy.Namespace + 45, // 25: policy.Action.metadata:type_name -> common.Metadata + 15, // 26: policy.SubjectMapping.attribute_value:type_name -> policy.Value + 23, // 27: policy.SubjectMapping.subject_condition_set:type_name -> policy.SubjectConditionSet + 16, // 28: policy.SubjectMapping.actions:type_name -> policy.Action + 13, // 29: policy.SubjectMapping.namespace:type_name -> policy.Namespace + 45, // 30: policy.SubjectMapping.metadata:type_name -> common.Metadata + 3, // 31: policy.DynamicValueResolver.operator:type_name -> policy.DynamicValueOperatorEnum + 14, // 32: policy.DynamicValueMapping.attribute_definition:type_name -> policy.Attribute + 18, // 33: policy.DynamicValueMapping.value_resolver:type_name -> policy.DynamicValueResolver + 23, // 34: policy.DynamicValueMapping.subject_condition_set:type_name -> policy.SubjectConditionSet + 16, // 35: policy.DynamicValueMapping.actions:type_name -> policy.Action + 13, // 36: policy.DynamicValueMapping.namespace:type_name -> policy.Namespace + 45, // 37: policy.DynamicValueMapping.metadata:type_name -> common.Metadata + 1, // 38: policy.Condition.operator:type_name -> policy.SubjectMappingOperatorEnum + 20, // 39: policy.ConditionGroup.conditions:type_name -> policy.Condition + 2, // 40: policy.ConditionGroup.boolean_operator:type_name -> policy.ConditionBooleanTypeEnum + 21, // 41: policy.SubjectSet.condition_groups:type_name -> policy.ConditionGroup + 13, // 42: policy.SubjectConditionSet.namespace:type_name -> policy.Namespace + 22, // 43: policy.SubjectConditionSet.subject_sets:type_name -> policy.SubjectSet + 45, // 44: policy.SubjectConditionSet.metadata:type_name -> common.Metadata + 45, // 45: policy.ResourceMappingGroup.metadata:type_name -> common.Metadata + 45, // 46: policy.ResourceMapping.metadata:type_name -> common.Metadata + 15, // 47: policy.ResourceMapping.attribute_value:type_name -> policy.Value + 25, // 48: policy.ResourceMapping.group:type_name -> policy.ResourceMappingGroup + 31, // 49: policy.KeyAccessServer.public_key:type_name -> policy.PublicKey + 4, // 50: policy.KeyAccessServer.source_type:type_name -> policy.SourceType + 11, // 51: policy.KeyAccessServer.kas_keys:type_name -> policy.SimpleKasKey + 45, // 52: policy.KeyAccessServer.metadata:type_name -> common.Metadata + 46, // 53: policy.Key.is_active:type_name -> google.protobuf.BoolValue + 46, // 54: policy.Key.was_mapped:type_name -> google.protobuf.BoolValue + 29, // 55: policy.Key.public_key:type_name -> policy.KasPublicKey + 27, // 56: policy.Key.kas:type_name -> policy.KeyAccessServer + 45, // 57: policy.Key.metadata:type_name -> common.Metadata + 5, // 58: policy.KasPublicKey.alg:type_name -> policy.KasPublicKeyAlgEnum + 29, // 59: policy.KasPublicKeySet.keys:type_name -> policy.KasPublicKey + 30, // 60: policy.PublicKey.cached:type_name -> policy.KasPublicKeySet + 33, // 61: policy.RegisteredResource.values:type_name -> policy.RegisteredResourceValue + 13, // 62: policy.RegisteredResource.namespace:type_name -> policy.Namespace + 45, // 63: policy.RegisteredResource.metadata:type_name -> common.Metadata + 32, // 64: policy.RegisteredResourceValue.resource:type_name -> policy.RegisteredResource + 44, // 65: policy.RegisteredResourceValue.action_attribute_values:type_name -> policy.RegisteredResourceValue.ActionAttributeValue + 45, // 66: policy.RegisteredResourceValue.metadata:type_name -> common.Metadata + 34, // 67: policy.RequestContext.pep:type_name -> policy.PolicyEnforcementPoint + 13, // 68: policy.Obligation.namespace:type_name -> policy.Namespace + 37, // 69: policy.Obligation.values:type_name -> policy.ObligationValue + 45, // 70: policy.Obligation.metadata:type_name -> common.Metadata + 36, // 71: policy.ObligationValue.obligation:type_name -> policy.Obligation + 38, // 72: policy.ObligationValue.triggers:type_name -> policy.ObligationTrigger + 45, // 73: policy.ObligationValue.metadata:type_name -> common.Metadata + 37, // 74: policy.ObligationTrigger.obligation_value:type_name -> policy.ObligationValue + 16, // 75: policy.ObligationTrigger.action:type_name -> policy.Action + 15, // 76: policy.ObligationTrigger.attribute_value:type_name -> policy.Value + 35, // 77: policy.ObligationTrigger.context:type_name -> policy.RequestContext + 13, // 78: policy.ObligationTrigger.namespace:type_name -> policy.Namespace + 45, // 79: policy.ObligationTrigger.metadata:type_name -> common.Metadata + 42, // 80: policy.KasKey.key:type_name -> policy.AsymmetricKey + 6, // 81: policy.AsymmetricKey.key_algorithm:type_name -> policy.Algorithm + 7, // 82: policy.AsymmetricKey.key_status:type_name -> policy.KeyStatus + 8, // 83: policy.AsymmetricKey.key_mode:type_name -> policy.KeyMode + 40, // 84: policy.AsymmetricKey.public_key_ctx:type_name -> policy.PublicKeyCtx + 41, // 85: policy.AsymmetricKey.private_key_ctx:type_name -> policy.PrivateKeyCtx + 12, // 86: policy.AsymmetricKey.provider_config:type_name -> policy.KeyProviderConfig + 45, // 87: policy.AsymmetricKey.metadata:type_name -> common.Metadata + 7, // 88: policy.SymmetricKey.key_status:type_name -> policy.KeyStatus + 8, // 89: policy.SymmetricKey.key_mode:type_name -> policy.KeyMode + 12, // 90: policy.SymmetricKey.provider_config:type_name -> policy.KeyProviderConfig + 45, // 91: policy.SymmetricKey.metadata:type_name -> common.Metadata + 16, // 92: policy.RegisteredResourceValue.ActionAttributeValue.action:type_name -> policy.Action + 15, // 93: policy.RegisteredResourceValue.ActionAttributeValue.attribute_value:type_name -> policy.Value + 45, // 94: policy.RegisteredResourceValue.ActionAttributeValue.metadata:type_name -> common.Metadata + 95, // [95:95] is the sub-list for method output_type + 95, // [95:95] is the sub-list for method input_type + 95, // [95:95] is the sub-list for extension type_name + 95, // [95:95] is the sub-list for extension extendee + 0, // [0:95] is the sub-list for field type_name } func init() { file_policy_objects_proto_init() } @@ -4074,7 +4357,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Condition); i { + switch v := v.(*DynamicValueResolver); i { case 0: return &v.state case 1: @@ -4086,7 +4369,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConditionGroup); i { + switch v := v.(*DynamicValueMapping); i { case 0: return &v.state case 1: @@ -4098,7 +4381,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubjectSet); i { + switch v := v.(*Condition); i { case 0: return &v.state case 1: @@ -4110,7 +4393,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubjectConditionSet); i { + switch v := v.(*ConditionGroup); i { case 0: return &v.state case 1: @@ -4122,7 +4405,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SubjectProperty); i { + switch v := v.(*SubjectSet); i { case 0: return &v.state case 1: @@ -4134,7 +4417,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResourceMappingGroup); i { + switch v := v.(*SubjectConditionSet); i { case 0: return &v.state case 1: @@ -4146,7 +4429,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResourceMapping); i { + switch v := v.(*SubjectProperty); i { case 0: return &v.state case 1: @@ -4158,7 +4441,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KeyAccessServer); i { + switch v := v.(*ResourceMappingGroup); i { case 0: return &v.state case 1: @@ -4170,7 +4453,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Key); i { + switch v := v.(*ResourceMapping); i { case 0: return &v.state case 1: @@ -4182,7 +4465,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KasPublicKey); i { + switch v := v.(*KeyAccessServer); i { case 0: return &v.state case 1: @@ -4194,7 +4477,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KasPublicKeySet); i { + switch v := v.(*Key); i { case 0: return &v.state case 1: @@ -4206,7 +4489,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublicKey); i { + switch v := v.(*KasPublicKey); i { case 0: return &v.state case 1: @@ -4218,7 +4501,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegisteredResource); i { + switch v := v.(*KasPublicKeySet); i { case 0: return &v.state case 1: @@ -4230,7 +4513,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegisteredResourceValue); i { + switch v := v.(*PublicKey); i { case 0: return &v.state case 1: @@ -4242,7 +4525,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PolicyEnforcementPoint); i { + switch v := v.(*RegisteredResource); i { case 0: return &v.state case 1: @@ -4254,7 +4537,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RequestContext); i { + switch v := v.(*RegisteredResourceValue); i { case 0: return &v.state case 1: @@ -4266,7 +4549,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Obligation); i { + switch v := v.(*PolicyEnforcementPoint); i { case 0: return &v.state case 1: @@ -4278,7 +4561,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ObligationValue); i { + switch v := v.(*RequestContext); i { case 0: return &v.state case 1: @@ -4290,7 +4573,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ObligationTrigger); i { + switch v := v.(*Obligation); i { case 0: return &v.state case 1: @@ -4302,7 +4585,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*KasKey); i { + switch v := v.(*ObligationValue); i { case 0: return &v.state case 1: @@ -4314,7 +4597,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublicKeyCtx); i { + switch v := v.(*ObligationTrigger); i { case 0: return &v.state case 1: @@ -4326,7 +4609,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PrivateKeyCtx); i { + switch v := v.(*KasKey); i { case 0: return &v.state case 1: @@ -4338,7 +4621,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AsymmetricKey); i { + switch v := v.(*PublicKeyCtx); i { case 0: return &v.state case 1: @@ -4350,7 +4633,7 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SymmetricKey); i { + switch v := v.(*PrivateKeyCtx); i { case 0: return &v.state case 1: @@ -4362,6 +4645,30 @@ func file_policy_objects_proto_init() { } } file_policy_objects_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AsymmetricKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_objects_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*SymmetricKey); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_objects_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RegisteredResourceValue_ActionAttributeValue); i { case 0: return &v.state @@ -4378,7 +4685,7 @@ func file_policy_objects_proto_init() { (*Action_Standard)(nil), (*Action_Custom)(nil), } - file_policy_objects_proto_msgTypes[19].OneofWrappers = []interface{}{ + file_policy_objects_proto_msgTypes[21].OneofWrappers = []interface{}{ (*PublicKey_Remote)(nil), (*PublicKey_Cached)(nil), } @@ -4387,8 +4694,8 @@ func file_policy_objects_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_policy_objects_proto_rawDesc, - NumEnums: 9, - NumMessages: 33, + NumEnums: 10, + NumMessages: 35, NumExtensions: 0, NumServices: 0, }, diff --git a/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto new file mode 100644 index 0000000000..a16d3aedd4 --- /dev/null +++ b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto @@ -0,0 +1,173 @@ +syntax = "proto3"; + +package policy.dynamicvaluemapping; + +import "buf/validate/validate.proto"; +import "common/common.proto"; +import "policy/objects.proto"; +import "policy/selectors.proto"; +import "policy/subjectmapping/subject_mapping.proto"; + +/* + Dynamic Value Mapping CRUD operations + + A DynamicValueMapping raises entitlement authority from a concrete AttributeValue to the + AttributeDefinition: at decision time the value_resolver compares the requested resource + value segment against the entity representation, avoiding pre-provisioning a value + + subject mapping per discrete value. +*/ + +message GetDynamicValueMappingRequest { + // Required + string id = 1 [(buf.validate.field).string.uuid = true]; +} +message GetDynamicValueMappingResponse { + policy.DynamicValueMapping dynamic_value_mapping = 1; +} + +enum SortDynamicValueMappingsType { + SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UNSPECIFIED = 0; + SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_CREATED_AT = 1; + SORT_DYNAMIC_VALUE_MAPPINGS_TYPE_UPDATED_AT = 2; +} + +message DynamicValueMappingsSort { + SortDynamicValueMappingsType field = 1 [(buf.validate.field).enum.defined_only = true]; + policy.SortDirection direction = 2 [(buf.validate.field).enum.defined_only = true]; +} + +message ListDynamicValueMappingsRequest { + // Optional + // Namespace ID, or Attribute Definition ID to filter by + string namespace_id = 1 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + string attribute_definition_id = 2 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + + // Optional + policy.PageRequest pagination = 10; + + // Optional - CONSTRAINT: max 1 item + repeated DynamicValueMappingsSort sort = 11 [(buf.validate.field).repeated.max_items = 1]; +} +message ListDynamicValueMappingsResponse { + repeated policy.DynamicValueMapping dynamic_value_mappings = 1; + + policy.PageResponse pagination = 10; +} + +message CreateDynamicValueMappingRequest { + // Required: Attribute Definition ID or FQN to scope the mapping to + option (buf.validate.message).oneof = { + fields: ["attribute_definition_id", "attribute_definition_fqn"] + required: true + }; + string attribute_definition_id = 1 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + string attribute_definition_fqn = 2 [ + (buf.validate.field).string = { + min_len: 0 + uri: true + } + ]; + + // Required: the dynamic resolver comparing entity selector result to the resource value segment + policy.DynamicValueResolver value_resolver = 3 [(buf.validate.field).required = true]; + + // Required: actions permitted on a matched value + repeated policy.Action actions = 4 [ + (buf.validate.field).repeated.min_items = 1, + (buf.validate.field).cel = { + id: "action_name_or_id_not_empty" + message: "Action name or ID must not be empty if provided" + expression: "this.all(item, item.name != '' || item.id != '')" + } + ]; + + // Optional static pre-gate. Reuse an existing SubjectConditionSet (prioritized) ... + string existing_subject_condition_set_id = 5 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + // ... or create a new one (ignored if existing_subject_condition_set_id is provided) + policy.subjectmapping.SubjectConditionSetCreate new_subject_condition_set = 6; + + // Optional: namespace ID or FQN for the mapping + string namespace_id = 7 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + string namespace_fqn = 8 [ + (buf.validate.field).string = { + min_len: 0 + uri: true + } + ]; + + // Optional + common.MetadataMutable metadata = 100; +} +message CreateDynamicValueMappingResponse { + policy.DynamicValueMapping dynamic_value_mapping = 1; +} + +message UpdateDynamicValueMappingRequest { + // Required + string id = 1 [(buf.validate.field).string.uuid = true]; + + // Optional: replace the dynamic resolver + policy.DynamicValueResolver value_resolver = 2; + + // Optional: replace the static pre-gate SubjectConditionSet by id + string subject_condition_set_id = 3 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; + + // Optional: replace the entire list of actions + repeated policy.Action actions = 4 [(buf.validate.field).cel = { + id: "action_name_or_id_not_empty" + message: "Action name or ID must not be empty if provided" + expression: "this.size() == 0 || this.all(item, item.name != '' || item.id != '')" + }]; + + // Common metadata + common.MetadataMutable metadata = 100; + common.MetadataUpdateEnum metadata_update_behavior = 101; +} +message UpdateDynamicValueMappingResponse { + policy.DynamicValueMapping dynamic_value_mapping = 1; +} + +message DeleteDynamicValueMappingRequest { + // Required + string id = 1 [(buf.validate.field).string.uuid = true]; +} +message DeleteDynamicValueMappingResponse { + // Only ID of the deleted mapping provided + policy.DynamicValueMapping dynamic_value_mapping = 1; +} + +service DynamicValueMappingService { + rpc ListDynamicValueMappings(ListDynamicValueMappingsRequest) returns (ListDynamicValueMappingsResponse) { + option idempotency_level = NO_SIDE_EFFECTS; + } + rpc GetDynamicValueMapping(GetDynamicValueMappingRequest) returns (GetDynamicValueMappingResponse) { + option idempotency_level = NO_SIDE_EFFECTS; + } + rpc CreateDynamicValueMapping(CreateDynamicValueMappingRequest) returns (CreateDynamicValueMappingResponse) {} + rpc UpdateDynamicValueMapping(UpdateDynamicValueMappingRequest) returns (UpdateDynamicValueMappingResponse) {} + rpc DeleteDynamicValueMapping(DeleteDynamicValueMappingRequest) returns (DeleteDynamicValueMappingResponse) {} +} diff --git a/service/policy/objects.proto b/service/policy/objects.proto index 3e6ee4d794..adac99663c 100644 --- a/service/policy/objects.proto +++ b/service/policy/objects.proto @@ -180,6 +180,21 @@ enum ConditionBooleanTypeEnum { CONDITION_BOOLEAN_TYPE_ENUM_OR = 2; } +// Operators for dynamic, definition-level value entitlement. Unlike +// SubjectMappingOperatorEnum, whose right-hand operand is a static list authored into +// policy, a DynamicValueOperatorEnum's right-hand operand is the requested resource's +// attribute value segment, supplied at decision time. Each value is the inversion of its +// static SubjectMappingOperatorEnum counterpart. +enum DynamicValueOperatorEnum { + DYNAMIC_VALUE_OPERATOR_ENUM_UNSPECIFIED = 0; + // true when the requested resource value segment equals one of the values resolved by + // the selector against the entity representation (inversion of IN) + DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN = 1; + // true when one of the selector-resolved entity values contains the requested resource + // value segment as a substring (inversion of IN_CONTAINS) + DYNAMIC_VALUE_OPERATOR_ENUM_RESOURCE_VALUE_IN_CONTAINS = 2; +} + /* Subject Mapping: A Policy assigning Subject Set(s) to a permitted attribute value + action(s) combination @@ -204,6 +219,53 @@ message SubjectMapping { common.Metadata metadata = 100; } +/* + Definition Value Resolver: the dynamic half of a DynamicValueMapping. It + resolves a selector against the entity representation and compares the result to the + requested resource value segment using a DynamicValueOperatorEnum. +*/ +message DynamicValueResolver { + // a selector for a field value on a flattened Entity Representation (such as from + // idP/LDAP), e.g. ".patientAssignments[]" + string subject_external_selector_value = 1 [(buf.validate.field).required = true]; + + // the dynamic operator comparing the selector result to the resource value segment + DynamicValueOperatorEnum operator = 2 [ + (buf.validate.field).enum.defined_only = true, + (buf.validate.field).required = true + ]; +} + +/* + Dynamic Value Mapping: a Policy assigning permitted action(s) to + dynamically-requested values under an Attribute Definition. It raises entitlement + authority from a concrete Attribute Value to the Attribute Definition: at decision time + the value_resolver compares the requested resource value segment against the entity + representation, avoiding pre-provisioning a value + subject mapping per discrete value. +*/ +message DynamicValueMapping { + string id = 1; + + // the Attribute Definition whose values are entitled dynamically + Attribute attribute_definition = 2; + + // the dynamic resolver matched against the requested resource value segment + DynamicValueResolver value_resolver = 3; + + // optional static pre-gate on the entity, evaluated with normal SubjectConditionSet + // semantics (no dynamic overload). When present, both the gate and the resolver must + // pass for entitlement. + SubjectConditionSet subject_condition_set = 4; + + // the actions permitted by subjects in this mapping + repeated Action actions = 5; + + // the namespace containing this mapping + Namespace namespace = 6; + + common.Metadata metadata = 100; +} + /** A Condition defines a rule of From e0f92206612363d3e33180dc5913172b891c3b21 Mon Sep 17 00:00:00 2001 From: Krish Suchak Date: Fri, 5 Jun 2026 17:42:49 -0400 Subject: [PATCH 2/2] fix(policy): DSPX-2754 tighten CreateDynamicValueMapping validation Address review: add namespace_id/namespace_fqn oneof, use min_len:1 + uri on FQN fields, and replace verbose CEL with direct uuid/uri rules (consistent with CreateSubjectMappingRequest; protovalidate skips unset oneof members). Refs: DSPX-2754, DSPX-3498 Signed-off-by: Krish Suchak --- .../dynamic_value_mapping.openapi.yaml | 10 +- .../dynamic_value_mapping.pb.go | 429 +++++++++--------- .../dynamic_value_mapping.proto | 22 +- 3 files changed, 220 insertions(+), 241 deletions(-) diff --git a/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml index fd0fb63dc6..0c19ff5295 100644 --- a/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml +++ b/docs/openapi/policy/dynamicvaluemapping/dynamic_value_mapping.openapi.yaml @@ -1237,11 +1237,11 @@ components: attributeDefinitionId: type: string title: attribute_definition_id - description: | - optional_uuid_format // Optional field must be a valid UUID + format: uuid attributeDefinitionFqn: type: string title: attribute_definition_fqn + minLength: 1 format: uri valueResolver: title: value_resolver @@ -1269,12 +1269,12 @@ components: namespaceId: type: string title: namespace_id - description: | - Optional: namespace ID or FQN for the mapping - optional_uuid_format // Optional field must be a valid UUID + format: uuid + description: 'Optional: namespace ID or FQN for the mapping' namespaceFqn: type: string title: namespace_fqn + minLength: 1 format: uri metadata: title: metadata diff --git a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go index 5df7ef6b45..07d2e2d39e 100644 --- a/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go +++ b/protocol/go/policy/dynamicvaluemapping/dynamic_value_mapping.pb.go @@ -841,241 +841,222 @@ var file_policy_dynamicvaluemapping_dynamic_value_mapping_proto_rawDesc = []byte 0x6e, 0x67, 0x73, 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, - 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xc9, 0x0a, 0x0a, 0x20, 0x43, 0x72, + 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x90, 0x08, 0x0a, 0x20, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0xec, - 0x01, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, - 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, - 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, - 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, - 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, - 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, - 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, - 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x44, 0x0a, - 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, - 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x00, 0x88, 0x01, 0x01, 0x52, 0x16, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x46, 0x71, 0x6e, 0x12, 0x4b, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, 0x03, 0xc8, 0x01, - 0x01, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x12, 0xb8, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x42, 0x8d, 0x01, 0xba, 0x48, 0x89, 0x01, 0xba, 0x01, 0x80, 0x01, 0x0a, 0x1b, 0x61, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, - 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, - 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, - 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x30, 0x74, 0x68, 0x69, - 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, 0x74, 0x65, 0x6d, - 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x69, - 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x92, 0x01, 0x02, - 0x08, 0x01, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xfe, 0x01, 0x0a, 0x21, - 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, - 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, - 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, - 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, - 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, - 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, - 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, - 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, - 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, - 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, - 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, - 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x1d, 0x65, - 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, - 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, 0x6b, 0x0a, 0x19, - 0x6e, 0x65, 0x77, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, - 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x52, 0x16, 0x6e, 0x65, 0x77, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, - 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x12, 0xd7, 0x01, 0x0a, 0x0c, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, - 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, - 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, - 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, - 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, - 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, - 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, - 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, - 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, - 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, - 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x0b, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0d, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, - 0x05, 0x10, 0x00, 0x88, 0x01, 0x01, 0x52, 0x0c, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x46, 0x71, 0x6e, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, - 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, - 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, 0x3a, 0xba, 0x48, 0x37, 0x22, 0x35, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x40, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, - 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x0a, 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x66, 0x71, 0x6e, 0x10, 0x01, 0x22, 0x74, 0x0a, 0x21, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, - 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, - 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, - 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, - 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, - 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22, 0xc6, 0x05, 0x0a, 0x20, - 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, - 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x12, 0x43, 0x0a, 0x0e, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, - 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, - 0xed, 0x01, 0x0a, 0x18, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, - 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, - 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, - 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, - 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, - 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, - 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, - 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, - 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, - 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, - 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, - 0xc7, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x42, 0x9c, 0x01, 0xba, 0x48, 0x98, 0x01, 0xba, 0x01, 0x94, 0x01, 0x0a, 0x1b, 0x61, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x5f, - 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, 0x73, - 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, - 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x44, 0x74, 0x68, 0x69, 0x73, - 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x15, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x64, + 0x12, 0x44, 0x0a, 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, + 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x52, 0x16, + 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x46, 0x71, 0x6e, 0x12, 0x4b, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, + 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x42, 0x06, 0xba, 0x48, + 0x03, 0xc8, 0x01, 0x01, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x12, 0xb8, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x8d, 0x01, 0xba, 0x48, 0x89, 0x01, 0xba, 0x01, 0x80, 0x01, + 0x0a, 0x1b, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x6f, 0x72, + 0x5f, 0x69, 0x64, 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x2f, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, 0x20, 0x49, 0x44, + 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, 0x65, 0x6d, 0x70, + 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x64, 0x1a, 0x30, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, - 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, - 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x54, - 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x16, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x42, 0x65, 0x68, 0x61, - 0x76, 0x69, 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x21, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, - 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, - 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, - 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, - 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x22, 0x3c, 0x0a, 0x20, 0x44, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, - 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22, 0x74, 0x0a, 0x21, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, - 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, - 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, - 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2a, 0xb2, - 0x01, 0x0a, 0x1c, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x30, 0x0a, 0x2c, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, - 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, - 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, - 0x10, 0x01, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, - 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, - 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, - 0x54, 0x10, 0x02, 0x32, 0xa7, 0x06, 0x0a, 0x1a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x12, 0x9a, 0x01, 0x0a, 0x18, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, - 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, - 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, - 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, - 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, - 0x94, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x39, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, - 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, - 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, - 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, - 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, - 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, + 0x92, 0x01, 0x02, 0x08, 0x01, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0xfe, + 0x01, 0x0a, 0x21, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, + 0x01, 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, + 0x75, 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, + 0x20, 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, + 0x1a, 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, + 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, + 0x73, 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, + 0x7d, 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, + 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, + 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, + 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, + 0x52, 0x1d, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, + 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, + 0x6b, 0x0a, 0x19, 0x6e, 0x65, 0x77, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x63, + 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x52, 0x16, 0x6e, 0x65, 0x77, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x12, 0x2b, 0x0a, 0x0c, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x07, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x0b, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x2f, 0x0a, 0x0d, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, + 0x42, 0x0a, 0xba, 0x48, 0x07, 0x72, 0x05, 0x10, 0x01, 0x88, 0x01, 0x01, 0x52, 0x0c, 0x6e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x46, 0x71, 0x6e, 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, + 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x3a, + 0x5b, 0xba, 0x48, 0x58, 0x22, 0x35, 0x0a, 0x17, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x0a, + 0x18, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x66, 0x71, 0x6e, 0x10, 0x01, 0x22, 0x1f, 0x0a, 0x0c, 0x6e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x0a, 0x0d, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x10, 0x00, 0x22, 0x74, 0x0a, 0x21, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, + 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, + 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x22, 0xc6, 0x05, 0x0a, 0x20, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, + 0x64, 0x12, 0x43, 0x0a, 0x0e, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, + 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x0d, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, + 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0xed, 0x01, 0x0a, 0x18, 0x73, 0x75, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x74, + 0x5f, 0x69, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0xb3, 0x01, 0xba, 0x48, 0xaf, 0x01, + 0xba, 0x01, 0xab, 0x01, 0x0a, 0x14, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x5f, 0x75, + 0x75, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x6d, 0x61, 0x74, 0x12, 0x23, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x61, 0x6c, 0x20, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, + 0x62, 0x65, 0x20, 0x61, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x55, 0x55, 0x49, 0x44, 0x1a, + 0x6e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x74, 0x68, 0x69, 0x73, 0x29, 0x20, 0x3d, 0x3d, 0x20, 0x30, + 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, + 0x28, 0x27, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x38, 0x7d, + 0x2d, 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, + 0x5b, 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, + 0x30, 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x34, 0x7d, 0x2d, 0x5b, 0x30, + 0x2d, 0x39, 0x61, 0x2d, 0x66, 0x41, 0x2d, 0x46, 0x5d, 0x7b, 0x31, 0x32, 0x7d, 0x27, 0x29, 0x52, + 0x15, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, + 0x6e, 0x53, 0x65, 0x74, 0x49, 0x64, 0x12, 0xc7, 0x01, 0x0a, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x9c, 0x01, 0xba, 0x48, 0x98, 0x01, 0xba, + 0x01, 0x94, 0x01, 0x0a, 0x1b, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x5f, 0x6f, 0x72, 0x5f, 0x69, 0x64, 0x5f, 0x6e, 0x6f, 0x74, 0x5f, 0x65, 0x6d, 0x70, 0x74, 0x79, + 0x12, 0x2f, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x6e, 0x61, 0x6d, 0x65, 0x20, 0x6f, 0x72, + 0x20, 0x49, 0x44, 0x20, 0x6d, 0x75, 0x73, 0x74, 0x20, 0x6e, 0x6f, 0x74, 0x20, 0x62, 0x65, 0x20, + 0x65, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x69, 0x66, 0x20, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x64, 0x1a, 0x44, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x73, 0x69, 0x7a, 0x65, 0x28, 0x29, 0x20, 0x3d, + 0x3d, 0x20, 0x30, 0x20, 0x7c, 0x7c, 0x20, 0x74, 0x68, 0x69, 0x73, 0x2e, 0x61, 0x6c, 0x6c, 0x28, + 0x69, 0x74, 0x65, 0x6d, 0x2c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x20, + 0x21, 0x3d, 0x20, 0x27, 0x27, 0x20, 0x7c, 0x7c, 0x20, 0x69, 0x74, 0x65, 0x6d, 0x2e, 0x69, 0x64, + 0x20, 0x21, 0x3d, 0x20, 0x27, 0x27, 0x29, 0x52, 0x07, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x33, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x4d, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x54, 0x0a, 0x18, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x5f, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, + 0x72, 0x18, 0x65, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, + 0x6e, 0x75, 0x6d, 0x52, 0x16, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x55, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x22, 0x74, 0x0a, 0x21, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, + 0x67, 0x22, 0x3c, 0x0a, 0x20, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x52, 0x02, 0x69, 0x64, 0x22, + 0x74, 0x0a, 0x21, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4f, 0x0a, 0x15, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x52, 0x13, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2a, 0xb2, 0x01, 0x0a, 0x1c, 0x53, 0x6f, 0x72, 0x74, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x73, 0x54, 0x79, 0x70, 0x65, 0x12, 0x30, 0x0a, 0x2c, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x44, + 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, 0x41, 0x50, + 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, + 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, 0x54, + 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, 0x4d, + 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x52, 0x45, + 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, 0x10, 0x01, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x4f, 0x52, + 0x54, 0x5f, 0x44, 0x59, 0x4e, 0x41, 0x4d, 0x49, 0x43, 0x5f, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x5f, + 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x50, + 0x44, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, 0x10, 0x02, 0x32, 0xa7, 0x06, 0x0a, 0x1a, 0x44, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x9a, 0x01, 0x0a, 0x18, 0x4c, 0x69, + 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x94, 0x01, 0x0a, 0x16, 0x47, 0x65, 0x74, 0x44, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x12, 0x39, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47, + 0x65, 0x74, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x74, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x9a, 0x01, + 0x0a, 0x19, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, + 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, + 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, - 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, - 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, - 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, + 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, + 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, + 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x9a, 0x01, 0x0a, 0x19, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, - 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, - 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, - 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x87, 0x02, - 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, - 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, - 0x42, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, - 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, - 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, - 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, - 0xa2, 0x02, 0x03, 0x50, 0x44, 0x58, 0xaa, 0x02, 0x1a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, - 0x69, 0x6e, 0x67, 0xca, 0x02, 0x1a, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, + 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, + 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, - 0xe2, 0x02, 0x26, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, - 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, - 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x1b, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x3a, 0x3a, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x00, 0x42, 0x87, 0x02, 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x42, 0x18, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2f, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x03, 0x50, 0x44, 0x58, 0xaa, 0x02, 0x1a, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x1a, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x26, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x5c, 0x44, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, + 0x70, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0xea, 0x02, 0x1b, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, 0x44, 0x79, 0x6e, 0x61, 0x6d, + 0x69, 0x63, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x6d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto index a16d3aedd4..d7ff2ac5a1 100644 --- a/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto +++ b/service/policy/dynamicvaluemapping/dynamic_value_mapping.proto @@ -68,14 +68,16 @@ message CreateDynamicValueMappingRequest { fields: ["attribute_definition_id", "attribute_definition_fqn"] required: true }; - string attribute_definition_id = 1 [(buf.validate.field).cel = { - id: "optional_uuid_format" - message: "Optional field must be a valid UUID" - expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" - }]; + // Optional: Namespace ID or FQN to scope the mapping to + option (buf.validate.message).oneof = { + fields: ["namespace_id", "namespace_fqn"] + required: false + }; + + string attribute_definition_id = 1 [(buf.validate.field).string.uuid = true]; string attribute_definition_fqn = 2 [ (buf.validate.field).string = { - min_len: 0 + min_len: 1 uri: true } ]; @@ -103,14 +105,10 @@ message CreateDynamicValueMappingRequest { policy.subjectmapping.SubjectConditionSetCreate new_subject_condition_set = 6; // Optional: namespace ID or FQN for the mapping - string namespace_id = 7 [(buf.validate.field).cel = { - id: "optional_uuid_format" - message: "Optional field must be a valid UUID" - expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" - }]; + string namespace_id = 7 [(buf.validate.field).string.uuid = true]; string namespace_fqn = 8 [ (buf.validate.field).string = { - min_len: 0 + min_len: 1 uri: true } ];
        Method NameRequest TypeResponse TypeDescription
        MatchSubjectMappingsMatchSubjectMappingsRequestMatchSubjectMappingsResponse

        Find matching Subject Mappings for a given Subject

        ListSubjectMappingsListSubjectMappingsRequestListSubjectMappingsResponseListResourceMappingGroupsListResourceMappingGroupsRequestListResourceMappingGroupsResponse

        GetSubjectMappingGetSubjectMappingRequestGetSubjectMappingResponseGetResourceMappingGroupGetResourceMappingGroupRequestGetResourceMappingGroupResponse

        CreateSubjectMappingCreateSubjectMappingRequestCreateSubjectMappingResponseCreateResourceMappingGroupCreateResourceMappingGroupRequestCreateResourceMappingGroupResponse

        UpdateSubjectMappingUpdateSubjectMappingRequestUpdateSubjectMappingResponseUpdateResourceMappingGroupUpdateResourceMappingGroupRequestUpdateResourceMappingGroupResponse

        DeleteSubjectMappingDeleteSubjectMappingRequestDeleteSubjectMappingResponseDeleteResourceMappingGroupDeleteResourceMappingGroupRequestDeleteResourceMappingGroupResponse

        ListSubjectConditionSetsListSubjectConditionSetsRequestListSubjectConditionSetsResponseListResourceMappingsListResourceMappingsRequestListResourceMappingsResponse

        GetSubjectConditionSetGetSubjectConditionSetRequestGetSubjectConditionSetResponseListResourceMappingsByGroupFqnsListResourceMappingsByGroupFqnsRequestListResourceMappingsByGroupFqnsResponse

        CreateSubjectConditionSetCreateSubjectConditionSetRequestCreateSubjectConditionSetResponseGetResourceMappingGetResourceMappingRequestGetResourceMappingResponse

        UpdateSubjectConditionSetUpdateSubjectConditionSetRequestUpdateSubjectConditionSetResponseCreateResourceMappingCreateResourceMappingRequestCreateResourceMappingResponse

        DeleteSubjectConditionSetDeleteSubjectConditionSetRequestDeleteSubjectConditionSetResponseUpdateResourceMappingUpdateResourceMappingRequestUpdateResourceMappingResponse

        DeleteAllUnmappedSubjectConditionSetsDeleteAllUnmappedSubjectConditionSetsRequestDeleteAllUnmappedSubjectConditionSetsResponseDeleteResourceMappingDeleteResourceMappingRequestDeleteResourceMappingResponse

        ListSubjectMappingsListResourceMappingGroups

        NO_SIDE_EFFECTS
        GetSubjectMappingGetResourceMappingGroup

        NO_SIDE_EFFECTS
        ListSubjectConditionSetsListResourceMappings

        NO_SIDE_EFFECTS
        GetSubjectConditionSetListResourceMappingsByGroupFqns

        NO_SIDE_EFFECTS

        GetResourceMapping

        NO_SIDE_EFFECTS