diff --git a/buf.gen.yaml b/buf.gen.yaml index f343965..64c1009 100755 --- a/buf.gen.yaml +++ b/buf.gen.yaml @@ -1,4 +1,4 @@ -#!/usr/bin/env -S buf generate buf.build/authzed/api:e93c981415ea208595a50a95fa8572f6e22d1e81 --template +#!/usr/bin/env -S buf generate buf.build/authzed/api:262837a8e7451bfd9cac0518972ceaef1d0b9963 --template version: "v1" plugins: - remote: "buf.build/library/plugins/go:v1.27.1-1" diff --git a/go.mod b/go.mod index cd51d12..cf1b9ec 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,6 @@ go 1.16 require ( github.com/authzed/grpcutil v0.0.0-20210913124023-cad23ae5a9e8 github.com/envoyproxy/protoc-gen-validate v0.6.1 - github.com/golang/protobuf v1.5.2 github.com/grpc-ecosystem/grpc-gateway/v2 v2.6.0 github.com/jzelinskie/stringz v0.0.0-20210414224931-d6a8ce844a70 github.com/stretchr/testify v1.7.0 diff --git a/proto/apidocs.swagger.json b/proto/apidocs.swagger.json index c5ee77e..bae9f91 100644 --- a/proto/apidocs.swagger.json +++ b/proto/apidocs.swagger.json @@ -561,6 +561,10 @@ "type": "string" }, "description": "The Object Definitions that were requested." + }, + "computedDefinitionsRevision": { + "type": "string", + "description": "The computed revision of the returned object definitions." } }, "description": "ReadSchemaResponse is the resulting data after having read the Object\nDefinitions from a Schema." @@ -574,6 +578,10 @@ "type": "string" }, "description": "The names of the Object Definitions that were written." + }, + "computedDefinitionsRevision": { + "type": "string", + "description": "The computed revision of the written object definitions." } }, "description": "WriteSchemaResponse is the resulting data after having written a Schema to\na Permissions System." diff --git a/proto/authzed/api/v0/acl_service.pb.validate.go b/proto/authzed/api/v0/acl_service.pb.validate.go index 038ad4b..c7583d5 100644 --- a/proto/authzed/api/v0/acl_service.pb.validate.go +++ b/proto/authzed/api/v0/acl_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on RelationTupleFilter with the rules @@ -41,11 +41,47 @@ func (m *RelationTupleFilter) Validate() error { return nil } - // no validation rules for Namespace + if len(m.GetNamespace()) > 128 { + return RelationTupleFilterValidationError{ + field: "Namespace", + reason: "value length must be at most 128 bytes", + } + } + + if !_RelationTupleFilter_Namespace_Pattern.MatchString(m.GetNamespace()) { + return RelationTupleFilterValidationError{ + field: "Namespace", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetObjectId()) > 128 { + return RelationTupleFilterValidationError{ + field: "ObjectId", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for ObjectId + if !_RelationTupleFilter_ObjectId_Pattern.MatchString(m.GetObjectId()) { + return RelationTupleFilterValidationError{ + field: "ObjectId", + reason: "value does not match regex pattern \"^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$\"", + } + } - // no validation rules for Relation + if len(m.GetRelation()) > 64 { + return RelationTupleFilterValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_RelationTupleFilter_Relation_Pattern.MatchString(m.GetRelation()) { + return RelationTupleFilterValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } if v, ok := interface{}(m.GetUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -57,6 +93,18 @@ func (m *RelationTupleFilter) Validate() error { } } + for idx, item := range m.GetFilters() { + _, _ = idx, item + + if _, ok := RelationTupleFilter_Filter_name[int32(item)]; !ok { + return RelationTupleFilterValidationError{ + field: fmt.Sprintf("Filters[%v]", idx), + reason: "value must be one of the defined enum values", + } + } + + } + return nil } @@ -116,6 +164,12 @@ var _ interface { ErrorName() string } = RelationTupleFilterValidationError{} +var _RelationTupleFilter_Namespace_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _RelationTupleFilter_ObjectId_Pattern = regexp.MustCompile("^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$") + +var _RelationTupleFilter_Relation_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") + // Validate checks the field values on ReadRequest with the rules defined in // the proto definition for this message. If any rules are violated, an error // is returned. @@ -124,9 +178,23 @@ func (m *ReadRequest) Validate() error { return nil } + if len(m.GetTuplesets()) < 1 { + return ReadRequestValidationError{ + field: "Tuplesets", + reason: "value must contain at least 1 item(s)", + } + } + for idx, item := range m.GetTuplesets() { _, _ = idx, item + if item == nil { + return ReadRequestValidationError{ + field: fmt.Sprintf("Tuplesets[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ReadRequestValidationError{ @@ -307,6 +375,13 @@ func (m *WriteRequest) Validate() error { for idx, item := range m.GetWriteConditions() { _, _ = idx, item + if item == nil { + return WriteRequestValidationError{ + field: fmt.Sprintf("WriteConditions[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WriteRequestValidationError{ @@ -322,6 +397,13 @@ func (m *WriteRequest) Validate() error { for idx, item := range m.GetUpdates() { _, _ = idx, item + if item == nil { + return WriteRequestValidationError{ + field: fmt.Sprintf("Updates[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WriteRequestValidationError{ @@ -474,6 +556,13 @@ func (m *CheckRequest) Validate() error { return nil } + if m.GetTestUserset() == nil { + return CheckRequestValidationError{ + field: "TestUserset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetTestUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return CheckRequestValidationError{ @@ -484,6 +573,13 @@ func (m *CheckRequest) Validate() error { } } + if m.GetUser() == nil { + return CheckRequestValidationError{ + field: "User", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUser()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return CheckRequestValidationError{ @@ -569,6 +665,13 @@ func (m *ContentChangeCheckRequest) Validate() error { return nil } + if m.GetTestUserset() == nil { + return ContentChangeCheckRequestValidationError{ + field: "TestUserset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetTestUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ContentChangeCheckRequestValidationError{ @@ -579,6 +682,13 @@ func (m *ContentChangeCheckRequest) Validate() error { } } + if m.GetUser() == nil { + return ContentChangeCheckRequestValidationError{ + field: "User", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUser()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ContentChangeCheckRequestValidationError{ @@ -735,6 +845,13 @@ func (m *ExpandRequest) Validate() error { return nil } + if m.GetUserset() == nil { + return ExpandRequestValidationError{ + field: "Userset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ExpandRequestValidationError{ diff --git a/proto/authzed/api/v0/core.pb.validate.go b/proto/authzed/api/v0/core.pb.validate.go index a8047b8..4969432 100644 --- a/proto/authzed/api/v0/core.pb.validate.go +++ b/proto/authzed/api/v0/core.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on RelationTuple with the rules defined in @@ -41,6 +41,13 @@ func (m *RelationTuple) Validate() error { return nil } + if m.GetObjectAndRelation() == nil { + return RelationTupleValidationError{ + field: "ObjectAndRelation", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetObjectAndRelation()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return RelationTupleValidationError{ @@ -51,6 +58,13 @@ func (m *RelationTuple) Validate() error { } } + if m.GetUser() == nil { + return RelationTupleValidationError{ + field: "User", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUser()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return RelationTupleValidationError{ @@ -126,11 +140,47 @@ func (m *ObjectAndRelation) Validate() error { return nil } - // no validation rules for Namespace + if len(m.GetNamespace()) > 128 { + return ObjectAndRelationValidationError{ + field: "Namespace", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for ObjectId + if !_ObjectAndRelation_Namespace_Pattern.MatchString(m.GetNamespace()) { + return ObjectAndRelationValidationError{ + field: "Namespace", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } - // no validation rules for Relation + if len(m.GetObjectId()) > 128 { + return ObjectAndRelationValidationError{ + field: "ObjectId", + reason: "value length must be at most 128 bytes", + } + } + + if !_ObjectAndRelation_ObjectId_Pattern.MatchString(m.GetObjectId()) { + return ObjectAndRelationValidationError{ + field: "ObjectId", + reason: "value does not match regex pattern \"^[a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127}$\"", + } + } + + if len(m.GetRelation()) > 64 { + return ObjectAndRelationValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_ObjectAndRelation_Relation_Pattern.MatchString(m.GetRelation()) { + return ObjectAndRelationValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^(\\\\.\\\\.\\\\.|[a-z][a-z0-9_]{2,62}[a-z0-9])$\"", + } + } return nil } @@ -191,6 +241,12 @@ var _ interface { ErrorName() string } = ObjectAndRelationValidationError{} +var _ObjectAndRelation_Namespace_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _ObjectAndRelation_ObjectId_Pattern = regexp.MustCompile("^[a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127}$") + +var _ObjectAndRelation_Relation_Pattern = regexp.MustCompile("^(\\.\\.\\.|[a-z][a-z0-9_]{2,62}[a-z0-9])$") + // Validate checks the field values on RelationReference with the rules defined // in the proto definition for this message. If any rules are violated, an // error is returned. @@ -199,9 +255,33 @@ func (m *RelationReference) Validate() error { return nil } - // no validation rules for Namespace + if len(m.GetNamespace()) > 128 { + return RelationReferenceValidationError{ + field: "Namespace", + reason: "value length must be at most 128 bytes", + } + } + + if !_RelationReference_Namespace_Pattern.MatchString(m.GetNamespace()) { + return RelationReferenceValidationError{ + field: "Namespace", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetRelation()) > 64 { + return RelationReferenceValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } - // no validation rules for Relation + if !_RelationReference_Relation_Pattern.MatchString(m.GetRelation()) { + return RelationReferenceValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^(\\\\.\\\\.\\\\.|[a-z][a-z0-9_]{2,62}[a-z0-9])$\"", + } + } return nil } @@ -262,6 +342,10 @@ var _ interface { ErrorName() string } = RelationReferenceValidationError{} +var _RelationReference_Namespace_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _RelationReference_Relation_Pattern = regexp.MustCompile("^(\\.\\.\\.|[a-z][a-z0-9_]{2,62}[a-z0-9])$") + // Validate checks the field values on User with the rules defined in the proto // definition for this message. If any rules are violated, an error is returned. func (m *User) Validate() error { @@ -273,6 +357,13 @@ func (m *User) Validate() error { case *User_Userset: + if m.GetUserset() == nil { + return UserValidationError{ + field: "Userset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return UserValidationError{ @@ -283,6 +374,12 @@ func (m *User) Validate() error { } } + default: + return UserValidationError{ + field: "UserOneof", + reason: "value is required", + } + } return nil @@ -349,7 +446,12 @@ func (m *Zookie) Validate() error { return nil } - // no validation rules for Token + if len(m.GetToken()) < 1 { + return ZookieValidationError{ + field: "Token", + reason: "value length must be at least 1 bytes", + } + } return nil } @@ -416,7 +518,19 @@ func (m *RelationTupleUpdate) Validate() error { return nil } - // no validation rules for Operation + if _, ok := RelationTupleUpdate_Operation_name[int32(m.GetOperation())]; !ok { + return RelationTupleUpdateValidationError{ + field: "Operation", + reason: "value must be one of the defined enum values", + } + } + + if m.GetTuple() == nil { + return RelationTupleUpdateValidationError{ + field: "Tuple", + reason: "value is required", + } + } if v, ok := interface{}(m.GetTuple()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { diff --git a/proto/authzed/api/v0/developer.pb.validate.go b/proto/authzed/api/v0/developer.pb.validate.go index 8876718..e60674c 100644 --- a/proto/authzed/api/v0/developer.pb.validate.go +++ b/proto/authzed/api/v0/developer.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on FormatSchemaRequest with the rules diff --git a/proto/authzed/api/v0/namespace.pb.validate.go b/proto/authzed/api/v0/namespace.pb.validate.go index 1e06fad..d4d9e42 100644 --- a/proto/authzed/api/v0/namespace.pb.validate.go +++ b/proto/authzed/api/v0/namespace.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on Metadata with the rules defined in the @@ -40,17 +40,32 @@ func (m *Metadata) Validate() error { return nil } + if len(m.GetMetadataMessage()) < 1 { + return MetadataValidationError{ + field: "MetadataMessage", + reason: "value must contain at least 1 item(s)", + } + } + for idx, item := range m.GetMetadataMessage() { _, _ = idx, item - if v, ok := interface{}(item).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { + if item == nil { + return MetadataValidationError{ + field: fmt.Sprintf("MetadataMessage[%v]", idx), + reason: "value is required", + } + } + + if a := item; a != nil { + + if _, ok := _Metadata_MetadataMessage_InLookup[a.GetTypeUrl()]; !ok { return MetadataValidationError{ field: fmt.Sprintf("MetadataMessage[%v]", idx), - reason: "embedded message failed validation", - cause: err, + reason: "type URL must be in list [type.googleapis.com/impl.v1.DocComment type.googleapis.com/impl.v1.RelationMetadata]", } } + } } @@ -120,7 +135,19 @@ func (m *NamespaceDefinition) Validate() error { return nil } - // no validation rules for Name + if len(m.GetName()) > 128 { + return NamespaceDefinitionValidationError{ + field: "Name", + reason: "value length must be at most 128 bytes", + } + } + + if !_NamespaceDefinition_Name_Pattern.MatchString(m.GetName()) { + return NamespaceDefinitionValidationError{ + field: "Name", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } for idx, item := range m.GetRelation() { _, _ = idx, item @@ -206,6 +233,8 @@ var _ interface { ErrorName() string } = NamespaceDefinitionValidationError{} +var _NamespaceDefinition_Name_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on Relation with the rules defined in the // proto definition for this message. If any rules are violated, an error is returned. func (m *Relation) Validate() error { @@ -213,7 +242,19 @@ func (m *Relation) Validate() error { return nil } - // no validation rules for Name + if len(m.GetName()) > 64 { + return RelationValidationError{ + field: "Name", + reason: "value length must be at most 64 bytes", + } + } + + if !_Relation_Name_Pattern.MatchString(m.GetName()) { + return RelationValidationError{ + field: "Name", + reason: "value does not match regex pattern \"^[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } if v, ok := interface{}(m.GetUsersetRewrite()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -302,6 +343,8 @@ var _ interface { ErrorName() string } = RelationValidationError{} +var _Relation_Name_Pattern = regexp.MustCompile("^[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on TypeInformation with the rules defined // in the proto definition for this message. If any rules are violated, an // error is returned. @@ -394,6 +437,13 @@ func (m *UsersetRewrite) Validate() error { case *UsersetRewrite_Union: + if m.GetUnion() == nil { + return UsersetRewriteValidationError{ + field: "Union", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUnion()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return UsersetRewriteValidationError{ @@ -406,6 +456,13 @@ func (m *UsersetRewrite) Validate() error { case *UsersetRewrite_Intersection: + if m.GetIntersection() == nil { + return UsersetRewriteValidationError{ + field: "Intersection", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetIntersection()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return UsersetRewriteValidationError{ @@ -418,6 +475,13 @@ func (m *UsersetRewrite) Validate() error { case *UsersetRewrite_Exclusion: + if m.GetExclusion() == nil { + return UsersetRewriteValidationError{ + field: "Exclusion", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetExclusion()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return UsersetRewriteValidationError{ @@ -428,6 +492,12 @@ func (m *UsersetRewrite) Validate() error { } } + default: + return UsersetRewriteValidationError{ + field: "RewriteOperation", + reason: "value is required", + } + } return nil @@ -495,9 +565,23 @@ func (m *SetOperation) Validate() error { return nil } + if len(m.GetChild()) < 1 { + return SetOperationValidationError{ + field: "Child", + reason: "value must contain at least 1 item(s)", + } + } + for idx, item := range m.GetChild() { _, _ = idx, item + if item == nil { + return SetOperationValidationError{ + field: fmt.Sprintf("Child[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return SetOperationValidationError{ @@ -575,6 +659,13 @@ func (m *TupleToUserset) Validate() error { return nil } + if m.GetTupleset() == nil { + return TupleToUsersetValidationError{ + field: "Tupleset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetTupleset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return TupleToUsersetValidationError{ @@ -585,6 +676,13 @@ func (m *TupleToUserset) Validate() error { } } + if m.GetComputedUserset() == nil { + return TupleToUsersetValidationError{ + field: "ComputedUserset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetComputedUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return TupleToUsersetValidationError{ @@ -660,9 +758,26 @@ func (m *ComputedUserset) Validate() error { return nil } - // no validation rules for Object + if _, ok := ComputedUserset_Object_name[int32(m.GetObject())]; !ok { + return ComputedUsersetValidationError{ + field: "Object", + reason: "value must be one of the defined enum values", + } + } - // no validation rules for Relation + if len(m.GetRelation()) > 64 { + return ComputedUsersetValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_ComputedUserset_Relation_Pattern.MatchString(m.GetRelation()) { + return ComputedUsersetValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } return nil } @@ -721,6 +836,8 @@ var _ interface { ErrorName() string } = ComputedUsersetValidationError{} +var _ComputedUserset_Relation_Pattern = regexp.MustCompile("^[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on SetOperation_Child with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -745,6 +862,13 @@ func (m *SetOperation_Child) Validate() error { case *SetOperation_Child_ComputedUserset: + if m.GetComputedUserset() == nil { + return SetOperation_ChildValidationError{ + field: "ComputedUserset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetComputedUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return SetOperation_ChildValidationError{ @@ -757,6 +881,13 @@ func (m *SetOperation_Child) Validate() error { case *SetOperation_Child_TupleToUserset: + if m.GetTupleToUserset() == nil { + return SetOperation_ChildValidationError{ + field: "TupleToUserset", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetTupleToUserset()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return SetOperation_ChildValidationError{ @@ -769,6 +900,13 @@ func (m *SetOperation_Child) Validate() error { case *SetOperation_Child_UsersetRewrite: + if m.GetUsersetRewrite() == nil { + return SetOperation_ChildValidationError{ + field: "UsersetRewrite", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetUsersetRewrite()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return SetOperation_ChildValidationError{ @@ -779,6 +917,12 @@ func (m *SetOperation_Child) Validate() error { } } + default: + return SetOperation_ChildValidationError{ + field: "ChildType", + reason: "value is required", + } + } return nil @@ -915,7 +1059,19 @@ func (m *TupleToUserset_Tupleset) Validate() error { return nil } - // no validation rules for Relation + if len(m.GetRelation()) > 64 { + return TupleToUserset_TuplesetValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_TupleToUserset_Tupleset_Relation_Pattern.MatchString(m.GetRelation()) { + return TupleToUserset_TuplesetValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } return nil } @@ -975,3 +1131,5 @@ var _ interface { Cause() error ErrorName() string } = TupleToUserset_TuplesetValidationError{} + +var _TupleToUserset_Tupleset_Relation_Pattern = regexp.MustCompile("^[a-z][a-z0-9_]{2,62}[a-z0-9]$") diff --git a/proto/authzed/api/v0/namespace_service.pb.validate.go b/proto/authzed/api/v0/namespace_service.pb.validate.go index 7e1b3ab..431fa3a 100644 --- a/proto/authzed/api/v0/namespace_service.pb.validate.go +++ b/proto/authzed/api/v0/namespace_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on ReadConfigRequest with the rules defined @@ -41,7 +41,19 @@ func (m *ReadConfigRequest) Validate() error { return nil } - // no validation rules for Namespace + if len(m.GetNamespace()) > 128 { + return ReadConfigRequestValidationError{ + field: "Namespace", + reason: "value length must be at most 128 bytes", + } + } + + if !_ReadConfigRequest_Namespace_Pattern.MatchString(m.GetNamespace()) { + return ReadConfigRequestValidationError{ + field: "Namespace", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } if v, ok := interface{}(m.GetAtRevision()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -112,6 +124,8 @@ var _ interface { ErrorName() string } = ReadConfigRequestValidationError{} +var _ReadConfigRequest_Namespace_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on ReadConfigResponse with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -209,9 +223,23 @@ func (m *WriteConfigRequest) Validate() error { return nil } + if len(m.GetConfigs()) < 1 { + return WriteConfigRequestValidationError{ + field: "Configs", + reason: "value must contain at least 1 item(s)", + } + } + for idx, item := range m.GetConfigs() { _, _ = idx, item + if item == nil { + return WriteConfigRequestValidationError{ + field: fmt.Sprintf("Configs[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WriteConfigRequestValidationError{ @@ -368,6 +396,32 @@ func (m *DeleteConfigsRequest) Validate() error { return nil } + if len(m.GetNamespaces()) < 1 { + return DeleteConfigsRequestValidationError{ + field: "Namespaces", + reason: "value must contain at least 1 item(s)", + } + } + + for idx, item := range m.GetNamespaces() { + _, _ = idx, item + + if len(item) > 128 { + return DeleteConfigsRequestValidationError{ + field: fmt.Sprintf("Namespaces[%v]", idx), + reason: "value length must be at most 128 bytes", + } + } + + if !_DeleteConfigsRequest_Namespaces_Pattern.MatchString(item) { + return DeleteConfigsRequestValidationError{ + field: fmt.Sprintf("Namespaces[%v]", idx), + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + } + return nil } @@ -427,6 +481,8 @@ var _ interface { ErrorName() string } = DeleteConfigsRequestValidationError{} +var _DeleteConfigsRequest_Namespaces_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on DeleteConfigsResponse with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. diff --git a/proto/authzed/api/v0/watch_service.pb.validate.go b/proto/authzed/api/v0/watch_service.pb.validate.go index 089e615..23d1ee1 100644 --- a/proto/authzed/api/v0/watch_service.pb.validate.go +++ b/proto/authzed/api/v0/watch_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on WatchRequest with the rules defined in @@ -41,6 +41,32 @@ func (m *WatchRequest) Validate() error { return nil } + if len(m.GetNamespaces()) < 1 { + return WatchRequestValidationError{ + field: "Namespaces", + reason: "value must contain at least 1 item(s)", + } + } + + for idx, item := range m.GetNamespaces() { + _, _ = idx, item + + if len(item) > 128 { + return WatchRequestValidationError{ + field: fmt.Sprintf("Namespaces[%v]", idx), + reason: "value length must be at most 128 bytes", + } + } + + if !_WatchRequest_Namespaces_Pattern.MatchString(item) { + return WatchRequestValidationError{ + field: fmt.Sprintf("Namespaces[%v]", idx), + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + } + if v, ok := interface{}(m.GetStartRevision()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WatchRequestValidationError{ @@ -108,6 +134,8 @@ var _ interface { ErrorName() string } = WatchRequestValidationError{} +var _WatchRequest_Namespaces_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on WatchResponse with the rules defined in // the proto definition for this message. If any rules are violated, an error // is returned. diff --git a/proto/authzed/api/v1/core.pb.validate.go b/proto/authzed/api/v1/core.pb.validate.go index 2e23b1a..d4b2600 100644 --- a/proto/authzed/api/v1/core.pb.validate.go +++ b/proto/authzed/api/v1/core.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on Relationship with the rules defined in @@ -41,6 +41,13 @@ func (m *Relationship) Validate() error { return nil } + if m.GetResource() == nil { + return RelationshipValidationError{ + field: "Resource", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetResource()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return RelationshipValidationError{ @@ -51,7 +58,26 @@ func (m *Relationship) Validate() error { } } - // no validation rules for Relation + if len(m.GetRelation()) > 64 { + return RelationshipValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_Relationship_Relation_Pattern.MatchString(m.GetRelation()) { + return RelationshipValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if m.GetSubject() == nil { + return RelationshipValidationError{ + field: "Subject", + reason: "value is required", + } + } if v, ok := interface{}(m.GetSubject()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -120,6 +146,8 @@ var _ interface { ErrorName() string } = RelationshipValidationError{} +var _Relationship_Relation_Pattern = regexp.MustCompile("^[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on SubjectReference with the rules defined // in the proto definition for this message. If any rules are violated, an // error is returned. @@ -138,7 +166,19 @@ func (m *SubjectReference) Validate() error { } } - // no validation rules for OptionalRelation + if len(m.GetOptionalRelation()) > 64 { + return SubjectReferenceValidationError{ + field: "OptionalRelation", + reason: "value length must be at most 64 bytes", + } + } + + if !_SubjectReference_OptionalRelation_Pattern.MatchString(m.GetOptionalRelation()) { + return SubjectReferenceValidationError{ + field: "OptionalRelation", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } return nil } @@ -197,6 +237,8 @@ var _ interface { ErrorName() string } = SubjectReferenceValidationError{} +var _SubjectReference_OptionalRelation_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") + // Validate checks the field values on ObjectReference with the rules defined // in the proto definition for this message. If any rules are violated, an // error is returned. @@ -205,9 +247,33 @@ func (m *ObjectReference) Validate() error { return nil } - // no validation rules for ObjectType + if len(m.GetObjectType()) > 128 { + return ObjectReferenceValidationError{ + field: "ObjectType", + reason: "value length must be at most 128 bytes", + } + } + + if !_ObjectReference_ObjectType_Pattern.MatchString(m.GetObjectType()) { + return ObjectReferenceValidationError{ + field: "ObjectType", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetObjectId()) > 128 { + return ObjectReferenceValidationError{ + field: "ObjectId", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for ObjectId + if !_ObjectReference_ObjectId_Pattern.MatchString(m.GetObjectId()) { + return ObjectReferenceValidationError{ + field: "ObjectId", + reason: "value does not match regex pattern \"^[a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127}$\"", + } + } return nil } @@ -266,6 +332,10 @@ var _ interface { ErrorName() string } = ObjectReferenceValidationError{} +var _ObjectReference_ObjectType_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _ObjectReference_ObjectId_Pattern = regexp.MustCompile("^[a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127}$") + // Validate checks the field values on ZedToken with the rules defined in the // proto definition for this message. If any rules are violated, an error is returned. func (m *ZedToken) Validate() error { @@ -273,7 +343,12 @@ func (m *ZedToken) Validate() error { return nil } - // no validation rules for Token + if len(m.GetToken()) < 1 { + return ZedTokenValidationError{ + field: "Token", + reason: "value length must be at least 1 bytes", + } + } return nil } @@ -340,7 +415,19 @@ func (m *RelationshipUpdate) Validate() error { return nil } - // no validation rules for Operation + if _, ok := RelationshipUpdate_Operation_name[int32(m.GetOperation())]; !ok { + return RelationshipUpdateValidationError{ + field: "Operation", + reason: "value must be one of the defined enum values", + } + } + + if m.GetRelationship() == nil { + return RelationshipUpdateValidationError{ + field: "Relationship", + reason: "value is required", + } + } if v, ok := interface{}(m.GetRelationship()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -457,6 +544,12 @@ func (m *PermissionRelationshipTree) Validate() error { } } + default: + return PermissionRelationshipTreeValidationError{ + field: "TreeType", + reason: "value is required", + } + } return nil diff --git a/proto/authzed/api/v1/openapi.pb.validate.go b/proto/authzed/api/v1/openapi.pb.validate.go index 18c3062..6c52268 100644 --- a/proto/authzed/api/v1/openapi.pb.validate.go +++ b/proto/authzed/api/v1/openapi.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,5 +30,5 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) diff --git a/proto/authzed/api/v1/permission_service.pb.validate.go b/proto/authzed/api/v1/permission_service.pb.validate.go index cb64b2d..fd06cc0 100644 --- a/proto/authzed/api/v1/permission_service.pb.validate.go +++ b/proto/authzed/api/v1/permission_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on Consistency with the rules defined in @@ -44,7 +44,13 @@ func (m *Consistency) Validate() error { switch m.Requirement.(type) { case *Consistency_MinimizeLatency: - // no validation rules for MinimizeLatency + + if m.GetMinimizeLatency() != true { + return ConsistencyValidationError{ + field: "MinimizeLatency", + reason: "value must equal true", + } + } case *Consistency_AtLeastAsFresh: @@ -71,7 +77,19 @@ func (m *Consistency) Validate() error { } case *Consistency_FullyConsistent: - // no validation rules for FullyConsistent + + if m.GetFullyConsistent() != true { + return ConsistencyValidationError{ + field: "FullyConsistent", + reason: "value must equal true", + } + } + + default: + return ConsistencyValidationError{ + field: "Requirement", + reason: "value is required", + } } @@ -140,11 +158,47 @@ func (m *RelationshipFilter) Validate() error { return nil } - // no validation rules for ResourceType + if len(m.GetResourceType()) > 128 { + return RelationshipFilterValidationError{ + field: "ResourceType", + reason: "value length must be at most 128 bytes", + } + } + + if !_RelationshipFilter_ResourceType_Pattern.MatchString(m.GetResourceType()) { + return RelationshipFilterValidationError{ + field: "ResourceType", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetOptionalResourceId()) > 128 { + return RelationshipFilterValidationError{ + field: "OptionalResourceId", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for OptionalResourceId + if !_RelationshipFilter_OptionalResourceId_Pattern.MatchString(m.GetOptionalResourceId()) { + return RelationshipFilterValidationError{ + field: "OptionalResourceId", + reason: "value does not match regex pattern \"^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$\"", + } + } - // no validation rules for OptionalRelation + if len(m.GetOptionalRelation()) > 64 { + return RelationshipFilterValidationError{ + field: "OptionalRelation", + reason: "value length must be at most 64 bytes", + } + } + + if !_RelationshipFilter_OptionalRelation_Pattern.MatchString(m.GetOptionalRelation()) { + return RelationshipFilterValidationError{ + field: "OptionalRelation", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } if v, ok := interface{}(m.GetOptionalSubjectFilter()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -215,6 +269,12 @@ var _ interface { ErrorName() string } = RelationshipFilterValidationError{} +var _RelationshipFilter_ResourceType_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _RelationshipFilter_OptionalResourceId_Pattern = regexp.MustCompile("^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$") + +var _RelationshipFilter_OptionalRelation_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") + // Validate checks the field values on SubjectFilter with the rules defined in // the proto definition for this message. If any rules are violated, an error // is returned. @@ -223,9 +283,33 @@ func (m *SubjectFilter) Validate() error { return nil } - // no validation rules for SubjectType + if len(m.GetSubjectType()) > 128 { + return SubjectFilterValidationError{ + field: "SubjectType", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for OptionalSubjectId + if !_SubjectFilter_SubjectType_Pattern.MatchString(m.GetSubjectType()) { + return SubjectFilterValidationError{ + field: "SubjectType", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetOptionalSubjectId()) > 128 { + return SubjectFilterValidationError{ + field: "OptionalSubjectId", + reason: "value length must be at most 128 bytes", + } + } + + if !_SubjectFilter_OptionalSubjectId_Pattern.MatchString(m.GetOptionalSubjectId()) { + return SubjectFilterValidationError{ + field: "OptionalSubjectId", + reason: "value does not match regex pattern \"^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$\"", + } + } if v, ok := interface{}(m.GetOptionalRelation()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -294,6 +378,10 @@ var _ interface { ErrorName() string } = SubjectFilterValidationError{} +var _SubjectFilter_SubjectType_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _SubjectFilter_OptionalSubjectId_Pattern = regexp.MustCompile("^([a-zA-Z0-9_][a-zA-Z0-9/_-]{0,127})?$") + // Validate checks the field values on ReadRelationshipsRequest with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -312,6 +400,13 @@ func (m *ReadRelationshipsRequest) Validate() error { } } + if m.GetRelationshipFilter() == nil { + return ReadRelationshipsRequestValidationError{ + field: "RelationshipFilter", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetRelationshipFilter()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ReadRelationshipsRequestValidationError{ @@ -476,7 +571,19 @@ func (m *Precondition) Validate() error { return nil } - // no validation rules for Operation + if _, ok := Precondition_Operation_name[int32(m.GetOperation())]; !ok { + return PreconditionValidationError{ + field: "Operation", + reason: "value must be one of the defined enum values", + } + } + + if m.GetFilter() == nil { + return PreconditionValidationError{ + field: "Filter", + reason: "value is required", + } + } if v, ok := interface{}(m.GetFilter()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -556,6 +663,13 @@ func (m *WriteRelationshipsRequest) Validate() error { for idx, item := range m.GetUpdates() { _, _ = idx, item + if item == nil { + return WriteRelationshipsRequestValidationError{ + field: fmt.Sprintf("Updates[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WriteRelationshipsRequestValidationError{ @@ -571,6 +685,13 @@ func (m *WriteRelationshipsRequest) Validate() error { for idx, item := range m.GetOptionalPreconditions() { _, _ = idx, item + if item == nil { + return WriteRelationshipsRequestValidationError{ + field: fmt.Sprintf("OptionalPreconditions[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WriteRelationshipsRequestValidationError{ @@ -727,6 +848,13 @@ func (m *DeleteRelationshipsRequest) Validate() error { return nil } + if m.GetRelationshipFilter() == nil { + return DeleteRelationshipsRequestValidationError{ + field: "RelationshipFilter", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetRelationshipFilter()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return DeleteRelationshipsRequestValidationError{ @@ -740,6 +868,13 @@ func (m *DeleteRelationshipsRequest) Validate() error { for idx, item := range m.GetOptionalPreconditions() { _, _ = idx, item + if item == nil { + return DeleteRelationshipsRequestValidationError{ + field: fmt.Sprintf("OptionalPreconditions[%v]", idx), + reason: "value is required", + } + } + if v, ok := interface{}(item).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return DeleteRelationshipsRequestValidationError{ @@ -907,6 +1042,13 @@ func (m *CheckPermissionRequest) Validate() error { } } + if m.GetResource() == nil { + return CheckPermissionRequestValidationError{ + field: "Resource", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetResource()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return CheckPermissionRequestValidationError{ @@ -917,7 +1059,26 @@ func (m *CheckPermissionRequest) Validate() error { } } - // no validation rules for Permission + if len(m.GetPermission()) > 64 { + return CheckPermissionRequestValidationError{ + field: "Permission", + reason: "value length must be at most 64 bytes", + } + } + + if !_CheckPermissionRequest_Permission_Pattern.MatchString(m.GetPermission()) { + return CheckPermissionRequestValidationError{ + field: "Permission", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } + + if m.GetSubject() == nil { + return CheckPermissionRequestValidationError{ + field: "Subject", + reason: "value is required", + } + } if v, ok := interface{}(m.GetSubject()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -988,6 +1149,8 @@ var _ interface { ErrorName() string } = CheckPermissionRequestValidationError{} +var _CheckPermissionRequest_Permission_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") + // Validate checks the field values on CheckPermissionResponse with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -1085,6 +1248,13 @@ func (m *ExpandPermissionTreeRequest) Validate() error { } } + if m.GetResource() == nil { + return ExpandPermissionTreeRequestValidationError{ + field: "Resource", + reason: "value is required", + } + } + if v, ok := interface{}(m.GetResource()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return ExpandPermissionTreeRequestValidationError{ @@ -1095,7 +1265,19 @@ func (m *ExpandPermissionTreeRequest) Validate() error { } } - // no validation rules for Permission + if len(m.GetPermission()) > 64 { + return ExpandPermissionTreeRequestValidationError{ + field: "Permission", + reason: "value length must be at most 64 bytes", + } + } + + if !_ExpandPermissionTreeRequest_Permission_Pattern.MatchString(m.GetPermission()) { + return ExpandPermissionTreeRequestValidationError{ + field: "Permission", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } return nil } @@ -1157,6 +1339,8 @@ var _ interface { ErrorName() string } = ExpandPermissionTreeRequestValidationError{} +var _ExpandPermissionTreeRequest_Permission_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") + // Validate checks the field values on ExpandPermissionTreeResponse with the // rules defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -1263,9 +1447,40 @@ func (m *LookupResourcesRequest) Validate() error { } } - // no validation rules for ResourceObjectType + if len(m.GetResourceObjectType()) > 128 { + return LookupResourcesRequestValidationError{ + field: "ResourceObjectType", + reason: "value length must be at most 128 bytes", + } + } - // no validation rules for Permission + if !_LookupResourcesRequest_ResourceObjectType_Pattern.MatchString(m.GetResourceObjectType()) { + return LookupResourcesRequestValidationError{ + field: "ResourceObjectType", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if len(m.GetPermission()) > 64 { + return LookupResourcesRequestValidationError{ + field: "Permission", + reason: "value length must be at most 64 bytes", + } + } + + if !_LookupResourcesRequest_Permission_Pattern.MatchString(m.GetPermission()) { + return LookupResourcesRequestValidationError{ + field: "Permission", + reason: "value does not match regex pattern \"^[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + if m.GetSubject() == nil { + return LookupResourcesRequestValidationError{ + field: "Subject", + reason: "value is required", + } + } if v, ok := interface{}(m.GetSubject()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { @@ -1336,6 +1551,10 @@ var _ interface { ErrorName() string } = LookupResourcesRequestValidationError{} +var _LookupResourcesRequest_ResourceObjectType_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,61}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + +var _LookupResourcesRequest_Permission_Pattern = regexp.MustCompile("^[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on LookupResourcesResponse with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -1423,7 +1642,19 @@ func (m *SubjectFilter_RelationFilter) Validate() error { return nil } - // no validation rules for Relation + if len(m.GetRelation()) > 64 { + return SubjectFilter_RelationFilterValidationError{ + field: "Relation", + reason: "value length must be at most 64 bytes", + } + } + + if !_SubjectFilter_RelationFilter_Relation_Pattern.MatchString(m.GetRelation()) { + return SubjectFilter_RelationFilterValidationError{ + field: "Relation", + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9])?$\"", + } + } return nil } @@ -1484,3 +1715,5 @@ var _ interface { Cause() error ErrorName() string } = SubjectFilter_RelationFilterValidationError{} + +var _SubjectFilter_RelationFilter_Relation_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9])?$") diff --git a/proto/authzed/api/v1/schema_service.pb.validate.go b/proto/authzed/api/v1/schema_service.pb.validate.go index e4d661e..a268117 100644 --- a/proto/authzed/api/v1/schema_service.pb.validate.go +++ b/proto/authzed/api/v1/schema_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on ReadSchemaRequest with the rules defined @@ -177,7 +177,12 @@ func (m *WriteSchemaRequest) Validate() error { return nil } - // no validation rules for Schema + if len(m.GetSchema()) > 262144 { + return WriteSchemaRequestValidationError{ + field: "Schema", + reason: "value length must be at most 262144 bytes", + } + } return nil } diff --git a/proto/authzed/api/v1/watch_service.pb.validate.go b/proto/authzed/api/v1/watch_service.pb.validate.go index bcd0c6b..f691b2f 100644 --- a/proto/authzed/api/v1/watch_service.pb.validate.go +++ b/proto/authzed/api/v1/watch_service.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on WatchRequest with the rules defined in @@ -41,6 +41,25 @@ func (m *WatchRequest) Validate() error { return nil } + for idx, item := range m.GetOptionalObjectTypes() { + _, _ = idx, item + + if len(item) > 128 { + return WatchRequestValidationError{ + field: fmt.Sprintf("OptionalObjectTypes[%v]", idx), + reason: "value length must be at most 128 bytes", + } + } + + if !_WatchRequest_OptionalObjectTypes_Pattern.MatchString(item) { + return WatchRequestValidationError{ + field: fmt.Sprintf("OptionalObjectTypes[%v]", idx), + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + } + if v, ok := interface{}(m.GetOptionalStartCursor()).(interface{ Validate() error }); ok { if err := v.Validate(); err != nil { return WatchRequestValidationError{ @@ -108,6 +127,8 @@ var _ interface { ErrorName() string } = WatchRequestValidationError{} +var _WatchRequest_OptionalObjectTypes_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on WatchResponse with the rules defined in // the proto definition for this message. If any rules are violated, an error // is returned. diff --git a/proto/authzed/api/v1alpha1/schema.pb.go b/proto/authzed/api/v1alpha1/schema.pb.go index 2ebc6b4..fe7b873 100644 --- a/proto/authzed/api/v1alpha1/schema.pb.go +++ b/proto/authzed/api/v1alpha1/schema.pb.go @@ -83,6 +83,8 @@ type ReadSchemaResponse struct { // The Object Definitions that were requested. ObjectDefinitions []string `protobuf:"bytes,1,rep,name=object_definitions,json=objectDefinitions,proto3" json:"object_definitions,omitempty"` + // The computed revision of the returned object definitions. + ComputedDefinitionsRevision string `protobuf:"bytes,2,opt,name=computed_definitions_revision,json=computedDefinitionsRevision,proto3" json:"computed_definitions_revision,omitempty"` } func (x *ReadSchemaResponse) Reset() { @@ -124,6 +126,13 @@ func (x *ReadSchemaResponse) GetObjectDefinitions() []string { return nil } +func (x *ReadSchemaResponse) GetComputedDefinitionsRevision() string { + if x != nil { + return x.ComputedDefinitionsRevision + } + return "" +} + // WriteSchemaRequest is the required data used to "upsert" the Schema of a // Permissions System. type WriteSchemaRequest struct { @@ -134,6 +143,10 @@ type WriteSchemaRequest struct { // The Schema containing one or more Object Definitions that will be written // to the Permissions System. Schema string `protobuf:"bytes,1,opt,name=schema,proto3" json:"schema,omitempty"` // 256KiB + // If specified, the existing revision of object definitions in the schema that must be present for + // the write to succeed. If the revision specified differs (i.e. the underlying schema has changed), + // the write call will fail with a FAILED_PRECONDITION error. + OptionalDefinitionsRevisionPrecondition string `protobuf:"bytes,2,opt,name=optional_definitions_revision_precondition,json=optionalDefinitionsRevisionPrecondition,proto3" json:"optional_definitions_revision_precondition,omitempty"` } func (x *WriteSchemaRequest) Reset() { @@ -175,6 +188,13 @@ func (x *WriteSchemaRequest) GetSchema() string { return "" } +func (x *WriteSchemaRequest) GetOptionalDefinitionsRevisionPrecondition() string { + if x != nil { + return x.OptionalDefinitionsRevisionPrecondition + } + return "" +} + // WriteSchemaResponse is the resulting data after having written a Schema to // a Permissions System. type WriteSchemaResponse struct { @@ -184,6 +204,8 @@ type WriteSchemaResponse struct { // The names of the Object Definitions that were written. ObjectDefinitionsNames []string `protobuf:"bytes,1,rep,name=object_definitions_names,json=objectDefinitionsNames,proto3" json:"object_definitions_names,omitempty"` + // The computed revision of the written object definitions. + ComputedDefinitionsRevision string `protobuf:"bytes,2,opt,name=computed_definitions_revision,json=computedDefinitionsRevision,proto3" json:"computed_definitions_revision,omitempty"` } func (x *WriteSchemaResponse) Reset() { @@ -225,6 +247,13 @@ func (x *WriteSchemaResponse) GetObjectDefinitionsNames() []string { return nil } +func (x *WriteSchemaResponse) GetComputedDefinitionsRevision() string { + if x != nil { + return x.ComputedDefinitionsRevision + } + return "" +} + var File_authzed_api_v1alpha1_schema_proto protoreflect.FileDescriptor var file_authzed_api_v1alpha1_schema_proto_rawDesc = []byte{ @@ -243,39 +272,54 @@ var file_authzed_api_v1alpha1_schema_proto_rawDesc = []byte{ 0x7a, 0x5d, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x5f, 0x5d, 0x7b, 0x32, 0x2c, 0x36, 0x32, 0x7d, 0x5b, 0x61, 0x2d, 0x7a, 0x30, 0x2d, 0x39, 0x5d, 0x24, 0x52, 0x16, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x22, 0x43, 0x0a, 0x12, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x6f, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x44, 0x65, 0x66, 0x69, - 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x37, 0x0a, 0x12, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, - 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x09, 0xfa, - 0x42, 0x06, 0x72, 0x04, 0x28, 0x80, 0x80, 0x10, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, - 0x22, 0x4f, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x38, 0x0a, 0x18, 0x6f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x6f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x32, 0xd8, 0x01, 0x0a, 0x0d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x61, 0x0a, 0x0a, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, - 0x61, 0x12, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, - 0x65, 0x6d, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x64, 0x0a, 0x0b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, - 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x28, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, - 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x29, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, - 0x6d, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x54, 0x0a, 0x18, - 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5a, 0x38, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2f, 0x61, 0x75, 0x74, - 0x68, 0x7a, 0x65, 0x64, 0x2d, 0x67, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x75, - 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, + 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x6f, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x11, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x44, 0x65, 0x66, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x1d, 0x63, 0x6f, 0x6d, 0x70, + 0x75, 0x74, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x5f, 0x72, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x1b, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x94, 0x01, 0x0a, + 0x12, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x09, 0xfa, 0x42, 0x06, 0x72, 0x04, 0x28, 0x80, 0x80, 0x10, 0x52, 0x06, + 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x5b, 0x0a, 0x2a, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x5f, 0x72, + 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x27, 0x6f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x61, 0x6c, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, + 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x22, 0x93, 0x01, 0x0a, 0x13, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, + 0x65, 0x6d, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x38, 0x0a, 0x18, 0x6f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x6f, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x42, 0x0a, 0x1d, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, + 0x64, 0x5f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x5f, 0x72, 0x65, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1b, 0x63, 0x6f, + 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x44, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x32, 0xd8, 0x01, 0x0a, 0x0d, 0x53, 0x63, + 0x68, 0x65, 0x6d, 0x61, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x61, 0x0a, 0x0a, 0x52, + 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x53, 0x63, + 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x64, + 0x0a, 0x0b, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x12, 0x28, 0x2e, + 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, + 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x57, + 0x72, 0x69, 0x74, 0x65, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x00, 0x42, 0x54, 0x0a, 0x18, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x7a, 0x65, 0x64, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x5a, 0x38, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x61, 0x75, 0x74, + 0x68, 0x7a, 0x65, 0x64, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2d, 0x67, 0x6f, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x65, 0x64, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/proto/authzed/api/v1alpha1/schema.pb.validate.go b/proto/authzed/api/v1alpha1/schema.pb.validate.go index 49b22a4..aa00bc2 100644 --- a/proto/authzed/api/v1alpha1/schema.pb.validate.go +++ b/proto/authzed/api/v1alpha1/schema.pb.validate.go @@ -15,7 +15,7 @@ import ( "time" "unicode/utf8" - "github.com/golang/protobuf/ptypes" + "google.golang.org/protobuf/types/known/anypb" ) // ensure the imports are used @@ -30,7 +30,7 @@ var ( _ = time.Duration(0) _ = (*url.URL)(nil) _ = (*mail.Address)(nil) - _ = ptypes.DynamicAny{} + _ = anypb.Any{} ) // Validate checks the field values on ReadSchemaRequest with the rules defined @@ -41,6 +41,25 @@ func (m *ReadSchemaRequest) Validate() error { return nil } + for idx, item := range m.GetObjectDefinitionsNames() { + _, _ = idx, item + + if len(item) > 128 { + return ReadSchemaRequestValidationError{ + field: fmt.Sprintf("ObjectDefinitionsNames[%v]", idx), + reason: "value length must be at most 128 bytes", + } + } + + if !_ReadSchemaRequest_ObjectDefinitionsNames_Pattern.MatchString(item) { + return ReadSchemaRequestValidationError{ + field: fmt.Sprintf("ObjectDefinitionsNames[%v]", idx), + reason: "value does not match regex pattern \"^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$\"", + } + } + + } + return nil } @@ -100,6 +119,8 @@ var _ interface { ErrorName() string } = ReadSchemaRequestValidationError{} +var _ReadSchemaRequest_ObjectDefinitionsNames_Pattern = regexp.MustCompile("^([a-z][a-z0-9_]{2,62}[a-z0-9]/)?[a-z][a-z0-9_]{2,62}[a-z0-9]$") + // Validate checks the field values on ReadSchemaResponse with the rules // defined in the proto definition for this message. If any rules are // violated, an error is returned. @@ -108,6 +129,8 @@ func (m *ReadSchemaResponse) Validate() error { return nil } + // no validation rules for ComputedDefinitionsRevision + return nil } @@ -175,7 +198,14 @@ func (m *WriteSchemaRequest) Validate() error { return nil } - // no validation rules for Schema + if len(m.GetSchema()) > 262144 { + return WriteSchemaRequestValidationError{ + field: "Schema", + reason: "value length must be at most 262144 bytes", + } + } + + // no validation rules for OptionalDefinitionsRevisionPrecondition return nil } @@ -244,6 +274,8 @@ func (m *WriteSchemaResponse) Validate() error { return nil } + // no validation rules for ComputedDefinitionsRevision + return nil }