diff --git a/buf.gen.yaml b/buf.gen.yaml index 4d58b32..48ceb00 100644 --- a/buf.gen.yaml +++ b/buf.gen.yaml @@ -9,4 +9,4 @@ plugins: - client_grpc1 inputs: # This SHA refers to the v1.41.0 commit with deprecated APIs removed - - module: "buf.build/authzed/api:9ab71677051b46cbb04eb56c27faf2af" + - module: "buf.build/authzed/api:v1.45.0" diff --git a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.grpc-client.ts b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.grpc-client.ts index d128b6b..eb6f482 100644 --- a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.grpc-client.ts +++ b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.grpc-client.ts @@ -4,6 +4,8 @@ import { WatchPermissionSetsService } from "./watchpermissionsets.js"; import type { BinaryWriteOptions } from "@protobuf-ts/runtime"; import type { BinaryReadOptions } from "@protobuf-ts/runtime"; +import type { DownloadPermissionSetsResponse } from "./watchpermissionsets.js"; +import type { DownloadPermissionSetsRequest } from "./watchpermissionsets.js"; import type { LookupPermissionSetsResponse } from "./watchpermissionsets.js"; import type { LookupPermissionSetsRequest } from "./watchpermissionsets.js"; import type { WatchPermissionSetsResponse } from "./watchpermissionsets.js"; @@ -68,6 +70,18 @@ export interface IWatchPermissionSetsServiceClient { */ lookupPermissionSets(input: LookupPermissionSetsRequest, metadata?: grpc.Metadata, options?: grpc.CallOptions): grpc.ClientReadableStream; lookupPermissionSets(input: LookupPermissionSetsRequest, options?: grpc.CallOptions): grpc.ClientReadableStream; + /** + * DownloadPermissionSets returns URLs to download permission sets data as Avro files. + * This provides an alternative to LookupPermissionSets for customers who need to download + * large datasets efficiently. The returned URLs point to compressed Avro files containing + * the permission sets data in a normalized format. + * + * @generated from protobuf rpc: DownloadPermissionSets(authzed.api.materialize.v0.DownloadPermissionSetsRequest) returns (authzed.api.materialize.v0.DownloadPermissionSetsResponse); + */ + downloadPermissionSets(input: DownloadPermissionSetsRequest, metadata: grpc.Metadata, options: grpc.CallOptions, callback: (err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void): grpc.ClientUnaryCall; + downloadPermissionSets(input: DownloadPermissionSetsRequest, metadata: grpc.Metadata, callback: (err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void): grpc.ClientUnaryCall; + downloadPermissionSets(input: DownloadPermissionSetsRequest, options: grpc.CallOptions, callback: (err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void): grpc.ClientUnaryCall; + downloadPermissionSets(input: DownloadPermissionSetsRequest, callback: (err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void): grpc.ClientUnaryCall; } /** * @generated from protobuf service authzed.api.materialize.v0.WatchPermissionSetsService @@ -137,4 +151,16 @@ export class WatchPermissionSetsServiceClient extends grpc.Client implements IWa const method = WatchPermissionSetsService.methods[1]; return this.makeServerStreamRequest(`/${WatchPermissionSetsService.typeName}/${method.name}`, (value: LookupPermissionSetsRequest): Buffer => Buffer.from(method.I.toBinary(value, this._binaryOptions)), (value: Buffer): LookupPermissionSetsResponse => method.O.fromBinary(value, this._binaryOptions), input, (metadata as any), options); } + /** + * DownloadPermissionSets returns URLs to download permission sets data as Avro files. + * This provides an alternative to LookupPermissionSets for customers who need to download + * large datasets efficiently. The returned URLs point to compressed Avro files containing + * the permission sets data in a normalized format. + * + * @generated from protobuf rpc: DownloadPermissionSets(authzed.api.materialize.v0.DownloadPermissionSetsRequest) returns (authzed.api.materialize.v0.DownloadPermissionSetsResponse); + */ + downloadPermissionSets(input: DownloadPermissionSetsRequest, metadata: grpc.Metadata | grpc.CallOptions | ((err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void), options?: grpc.CallOptions | ((err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void), callback?: ((err: grpc.ServiceError | null, value?: DownloadPermissionSetsResponse) => void)): grpc.ClientUnaryCall { + const method = WatchPermissionSetsService.methods[2]; + return this.makeUnaryRequest(`/${WatchPermissionSetsService.typeName}/${method.name}`, (value: DownloadPermissionSetsRequest): Buffer => Buffer.from(method.I.toBinary(value, this._binaryOptions)), (value: Buffer): DownloadPermissionSetsResponse => method.O.fromBinary(value, this._binaryOptions), input, (metadata as any), (options as any), (callback as any)); + } } diff --git a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts index c953e7a..fcbbfba 100644 --- a/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts +++ b/src/authzedapi/authzed/api/materialize/v0/watchpermissionsets.ts @@ -309,6 +309,46 @@ export interface BreakingSchemaChange { */ changeAt?: ZedToken; } +/** + * @generated from protobuf message authzed.api.materialize.v0.DownloadPermissionSetsRequest + */ +export interface DownloadPermissionSetsRequest { + /** + * optional_at_revision is a specific revision to download; for now this will + * just validate that it matches the backing store if provided. + * + * @generated from protobuf field: authzed.api.v1.ZedToken optional_at_revision = 1; + */ + optionalAtRevision?: ZedToken; +} +/** + * @generated from protobuf message authzed.api.materialize.v0.File + */ +export interface File { + /** + * name is the filename of the downloadable file + * + * @generated from protobuf field: string name = 1; + */ + name: string; + /** + * url is the download URL for the file (typically a signed S3 URL) + * + * @generated from protobuf field: string url = 2; + */ + url: string; +} +/** + * @generated from protobuf message authzed.api.materialize.v0.DownloadPermissionSetsResponse + */ +export interface DownloadPermissionSetsResponse { + /** + * files contains the list of downloadable files with their URLs + * + * @generated from protobuf field: repeated authzed.api.materialize.v0.File files = 1; + */ + files: File[]; +} // @generated message type with reflection information, may provide speed optimized methods class WatchPermissionSetsRequest$Type extends MessageType { constructor() { @@ -930,10 +970,159 @@ class BreakingSchemaChange$Type extends MessageType { * @generated MessageType for protobuf message authzed.api.materialize.v0.BreakingSchemaChange */ export const BreakingSchemaChange = new BreakingSchemaChange$Type(); +// @generated message type with reflection information, may provide speed optimized methods +class DownloadPermissionSetsRequest$Type extends MessageType { + constructor() { + super("authzed.api.materialize.v0.DownloadPermissionSetsRequest", [ + { no: 1, name: "optional_at_revision", kind: "message", T: () => ZedToken } + ]); + } + create(value?: PartialMessage): DownloadPermissionSetsRequest { + const message = {}; + globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); + if (value !== undefined) + reflectionMergePartial(this, message, value); + return message; + } + internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: DownloadPermissionSetsRequest): DownloadPermissionSetsRequest { + let message = target ?? this.create(), end = reader.pos + length; + while (reader.pos < end) { + let [fieldNo, wireType] = reader.tag(); + switch (fieldNo) { + case /* authzed.api.v1.ZedToken optional_at_revision */ 1: + message.optionalAtRevision = ZedToken.internalBinaryRead(reader, reader.uint32(), options, message.optionalAtRevision); + break; + default: + let u = options.readUnknownField; + if (u === "throw") + throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`); + let d = reader.skip(wireType); + if (u !== false) + (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d); + } + } + return message; + } + internalBinaryWrite(message: DownloadPermissionSetsRequest, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter { + /* authzed.api.v1.ZedToken optional_at_revision = 1; */ + if (message.optionalAtRevision) + ZedToken.internalBinaryWrite(message.optionalAtRevision, writer.tag(1, WireType.LengthDelimited).fork(), options).join(); + let u = options.writeUnknownFields; + if (u !== false) + (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); + return writer; + } +} +/** + * @generated MessageType for protobuf message authzed.api.materialize.v0.DownloadPermissionSetsRequest + */ +export const DownloadPermissionSetsRequest = new DownloadPermissionSetsRequest$Type(); +// @generated message type with reflection information, may provide speed optimized methods +class File$Type extends MessageType { + constructor() { + super("authzed.api.materialize.v0.File", [ + { no: 1, name: "name", kind: "scalar", T: 9 /*ScalarType.STRING*/ }, + { no: 2, name: "url", kind: "scalar", T: 9 /*ScalarType.STRING*/ } + ]); + } + create(value?: PartialMessage): File { + const message = { name: "", url: "" }; + globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); + if (value !== undefined) + reflectionMergePartial(this, message, value); + return message; + } + internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: File): File { + let message = target ?? this.create(), end = reader.pos + length; + while (reader.pos < end) { + let [fieldNo, wireType] = reader.tag(); + switch (fieldNo) { + case /* string name */ 1: + message.name = reader.string(); + break; + case /* string url */ 2: + message.url = reader.string(); + break; + default: + let u = options.readUnknownField; + if (u === "throw") + throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`); + let d = reader.skip(wireType); + if (u !== false) + (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d); + } + } + return message; + } + internalBinaryWrite(message: File, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter { + /* string name = 1; */ + if (message.name !== "") + writer.tag(1, WireType.LengthDelimited).string(message.name); + /* string url = 2; */ + if (message.url !== "") + writer.tag(2, WireType.LengthDelimited).string(message.url); + let u = options.writeUnknownFields; + if (u !== false) + (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); + return writer; + } +} +/** + * @generated MessageType for protobuf message authzed.api.materialize.v0.File + */ +export const File = new File$Type(); +// @generated message type with reflection information, may provide speed optimized methods +class DownloadPermissionSetsResponse$Type extends MessageType { + constructor() { + super("authzed.api.materialize.v0.DownloadPermissionSetsResponse", [ + { no: 1, name: "files", kind: "message", repeat: 1 /*RepeatType.PACKED*/, T: () => File } + ]); + } + create(value?: PartialMessage): DownloadPermissionSetsResponse { + const message = { files: [] }; + globalThis.Object.defineProperty(message, MESSAGE_TYPE, { enumerable: false, value: this }); + if (value !== undefined) + reflectionMergePartial(this, message, value); + return message; + } + internalBinaryRead(reader: IBinaryReader, length: number, options: BinaryReadOptions, target?: DownloadPermissionSetsResponse): DownloadPermissionSetsResponse { + let message = target ?? this.create(), end = reader.pos + length; + while (reader.pos < end) { + let [fieldNo, wireType] = reader.tag(); + switch (fieldNo) { + case /* repeated authzed.api.materialize.v0.File files */ 1: + message.files.push(File.internalBinaryRead(reader, reader.uint32(), options)); + break; + default: + let u = options.readUnknownField; + if (u === "throw") + throw new globalThis.Error(`Unknown field ${fieldNo} (wire type ${wireType}) for ${this.typeName}`); + let d = reader.skip(wireType); + if (u !== false) + (u === true ? UnknownFieldHandler.onRead : u)(this.typeName, message, fieldNo, wireType, d); + } + } + return message; + } + internalBinaryWrite(message: DownloadPermissionSetsResponse, writer: IBinaryWriter, options: BinaryWriteOptions): IBinaryWriter { + /* repeated authzed.api.materialize.v0.File files = 1; */ + for (let i = 0; i < message.files.length; i++) + File.internalBinaryWrite(message.files[i], writer.tag(1, WireType.LengthDelimited).fork(), options).join(); + let u = options.writeUnknownFields; + if (u !== false) + (u == true ? UnknownFieldHandler.onWrite : u)(this.typeName, message, writer); + return writer; + } +} +/** + * @generated MessageType for protobuf message authzed.api.materialize.v0.DownloadPermissionSetsResponse + */ +export const DownloadPermissionSetsResponse = new DownloadPermissionSetsResponse$Type(); /** * @generated ServiceType for protobuf service authzed.api.materialize.v0.WatchPermissionSetsService */ export const WatchPermissionSetsService = new ServiceType("authzed.api.materialize.v0.WatchPermissionSetsService", [ { name: "WatchPermissionSets", serverStreaming: true, options: {}, I: WatchPermissionSetsRequest, O: WatchPermissionSetsResponse }, - { name: "LookupPermissionSets", serverStreaming: true, options: {}, I: LookupPermissionSetsRequest, O: LookupPermissionSetsResponse } + { name: "LookupPermissionSets", serverStreaming: true, options: {}, I: LookupPermissionSetsRequest, O: LookupPermissionSetsResponse }, + { name: "DownloadPermissionSets", options: {}, I: DownloadPermissionSetsRequest, O: DownloadPermissionSetsResponse } ]); diff --git a/src/authzedapi/authzed/api/v1/permission_service.ts b/src/authzedapi/authzed/api/v1/permission_service.ts index 954776a..2bdc453 100644 --- a/src/authzedapi/authzed/api/v1/permission_service.ts +++ b/src/authzedapi/authzed/api/v1/permission_service.ts @@ -791,35 +791,17 @@ export interface LookupSubjectsRequest { */ context?: Struct; /** - * optional_concrete_limit, if non-zero, specifies the limit on the number of - * *concrete* (non-wildcard) subjects to return before the stream is closed on the - * server side. With the default value of zero, the stream will continue resolving - * concrete subjects until exhausted or the stream is closed due to the client or - * a network issue. - * - * NOTE: Wildcard subjects ("*") have special treatment when cursors and limits are used. Because - * wildcards can apply to *any* concrete subjects, if a wildcard subject is found within the dataset, - * a wildcard subject can be returned for *all* LookupSubjects calls, regardless of the cursor or - * limit. - * - * For example, if wildcards are requested, a wildcard subject exists, there is a specified limit - * of 10 concrete subjects, and at least 10 concrete subjects exist, the API will return 11 subjects - * in total: the 10 concrete + the wildcard - * - * Furthermore, if a wildcard has a set of exclusions generated by the dataset, - * the exclusions *will respect the cursor* and only a *partial* set of exclusions will be returned - * for each invocation of the API. - * - * ***IT IS UP TO THE CALLER IN THIS CASE TO COMBINE THE EXCLUSIONS IF DESIRED*** + * optional_concrete_limit is currently unimplemented for LookupSubjects + * and will return an error as of SpiceDB version 1.40.1. This will + * be implemented in a future version of SpiceDB. * * @generated from protobuf field: uint32 optional_concrete_limit = 7; */ optionalConcreteLimit: number; /** - * optional_cursor, if specified, indicates the cursor after which results should resume being returned. - * The cursor can be found on the LookupSubjectsResponse object. - * - * NOTE: See above for notes about how cursors interact with wildcard subjects. + * optional_cursor is currently unimplemented for LookupSubjects + * and will be ignored as of SpiceDB version 1.40.1. This will + * be implemented in a future version of SpiceDB. * * @generated from protobuf field: authzed.api.v1.Cursor optional_cursor = 8; */