diff --git a/docs/grpc/index.html b/docs/grpc/index.html index 95050135b..017fef95b 100644 --- a/docs/grpc/index.html +++ b/docs/grpc/index.html @@ -3754,7 +3754,7 @@

AssignKeyAcce attribute_key_access_server AttributeKeyAccessServer -

+

Required

@@ -3802,7 +3802,7 @@

AssignKeyAccessSe value_key_access_server ValueKeyAccessServer -

+

Required

@@ -3850,14 +3850,14 @@

AttributeKeyAccessServer

attribute_id string -

+

Required

key_access_server_id string -

+

Required

@@ -3888,21 +3888,22 @@

CreateAttributeRequest

name string -

+

Required

rule policy.AttributeRuleTypeEnum -

+

Required

values string repeated -

Optional attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. +

Optional +Attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. The stored attribute value will be normalized to lower case.

@@ -3965,14 +3966,15 @@

CreateAttributeValueReque value string -

+

Required

metadata common.MetadataMutable -

Common metadata

+

Optional +Common metadata

@@ -4020,7 +4022,7 @@

DeactivateAttributeRequest id string -

+

Required

@@ -4068,7 +4070,7 @@

DeactivateAttributeVa id string -

+

Required

@@ -4116,7 +4118,7 @@

GetAttributeRequest

id string -

+

Required

@@ -4164,7 +4166,7 @@

GetAttributeValueRequest

id string -

+

Required

@@ -4212,8 +4214,7 @@

GetAttributeValuesByF fqns string repeated -

Required -Fully Qualified Names of attribute values (i.e. https://<namespace>/attr/<attribute_name>/value/<value_name>), normalized to lower case.

+

Fully Qualified Names of attribute values (i.e. https://<namespace>/attr/<attribute_name>/value/<value_name>), normalized to lower case.

@@ -4330,14 +4331,15 @@

ListAttributeValuesRequest attribute_id string -

+

Required

state common.ActiveStateEnum -

ACTIVE by default when not specified

+

Optional +ACTIVE by default when not specified

@@ -4385,14 +4387,16 @@

ListAttributesRequest

state common.ActiveStateEnum -

ACTIVE by default when not specified

+

Optional +ACTIVE by default when not specified

namespace string -

can be id or name

+

Optional +Namespace ID or name

@@ -4440,7 +4444,7 @@

RemoveKeyAc attribute_key_access_server AttributeKeyAccessServer -

+

Required

@@ -4488,7 +4492,7 @@

RemoveKeyAccess value_key_access_server ValueKeyAccessServer -

+

Required

@@ -4598,14 +4602,15 @@

UpdateAttributeValueReque id string -

+

Required

metadata common.MetadataMutable -

Common metadata

+

Optional +Common metadata

@@ -4660,14 +4665,14 @@

ValueKeyAccessServer

value_id string -

+

Required

key_access_server_id string -

+

Required

@@ -5003,14 +5008,15 @@

CreateKeyAccessServerRe public_key policy.PublicKey -

+

Required

metadata common.MetadataMutable -

Common metadata

+

Optional +Common metadata

@@ -5058,7 +5064,7 @@

DeleteKeyAccessServerRe id string -

+

Required

@@ -5106,7 +5112,7 @@

GetKeyAccessServerRequest< id string -

+

Required

@@ -5231,7 +5237,7 @@

ListKeyAccessServer string

Optional -Filter LIST by either ID or URI of a registered Key Access Server. +Filter LIST by either ID of a registered Key Access Server. If neither is provided, grants from all registered KASs to policy attribute objects are returned.

@@ -5239,7 +5245,9 @@

ListKeyAccessServer kas_uri string -

+

Optional +Filter LIST by URI of a registered Key Access Server. +If neither is provided, grants from all registered KASs to policy attribute objects are returned.

@@ -5325,21 +5333,22 @@

UpdateKeyAccessServerRe uri string -

+

Required

public_key policy.PublicKey -

+

Required

metadata common.MetadataMutable -

Common metadata

+

Optional +Common metadata

@@ -5643,7 +5652,7 @@

DeactivateNamespaceRequest id string -

+

Required

@@ -5674,7 +5683,7 @@

GetNamespaceRequest

id string -

+

Required

@@ -5722,7 +5731,8 @@

ListNamespacesRequest

state common.ActiveStateEnum -

ACTIVE by default when not specified

+

Optional +ACTIVE by default when not specified

@@ -5770,14 +5780,14 @@

NamespaceKeyAccessServer

namespace_id string -

+

Required

key_access_server_id string -

+

Required

@@ -6083,7 +6093,7 @@

CreateResource name string -

+

Required

@@ -6145,7 +6155,7 @@

CreateResourceMappi terms string repeated -

+

Required

@@ -6159,7 +6169,7 @@

CreateResourceMappi metadata common.MetadataMutable -

+

Optional

@@ -6620,7 +6630,7 @@

UpdateResource name string -

+

Optional

@@ -6696,21 +6706,22 @@

UpdateResourceMappi terms string repeated -

+

Optional

group_id string -

+

Optional

metadata common.MetadataMutable -

Common Metadata

+

Optional +Common Metadata

@@ -7052,7 +7063,8 @@

CreateSubjectMappingR actions policy.Action repeated -

The actions permitted by subjects in this mapping

+

Required +The actions permitted by subjects in this mapping

@@ -7122,7 +7134,7 @@

DeleteSubjectCon id string -

+

Required

@@ -7170,7 +7182,7 @@

DeleteSubjectMappingR id string -

+

Required

@@ -7218,7 +7230,7 @@

GetSubjectCondition id string -

+

Required

@@ -7273,7 +7285,7 @@

GetSubjectMappingRequest id string -

+

Required

@@ -7548,7 +7560,8 @@

UpdateSubjectMappingR actions policy.Action repeated -

Replaces entire list of actions permitted by subjects

+

Optional +Replaces entire list of actions permitted by subjects

@@ -7849,7 +7862,8 @@

UnsafeDeleteAttributeRequest fqn string -

Fully Qualified Name (FQN) of Attribute Definition (i.e. https://<namespace>/attr/<attribute name>), normalized to lower case.

+

Required +Fully Qualified Name (FQN) of Attribute Definition (i.e. https://<namespace>/attr/<attribute name>), normalized to lower case.

@@ -7905,7 +7919,8 @@

UnsafeDeleteAttributeVa fqn string -

Fully Qualified Name (FQN) of Attribute Value (i.e. https://<namespace>/attr/<attribute name>/value/<value>), normalized to lower case.

+

Required +Fully Qualified Name (FQN) of Attribute Value (i.e. https://<namespace>/attr/<attribute name>/value/<value>), normalized to lower case.

@@ -7961,7 +7976,8 @@

UnsafeDeleteNamespaceRequest fqn string -

Fully Qualified Name (FQN) of Namespace (i.e. https://<namespace>), normalized to lower case.

+

Required +Fully Qualified Name (FQN) of Namespace (i.e. https://<namespace>), normalized to lower case.

@@ -8009,7 +8025,7 @@

UnsafeReactivateAttribut id string -

+

Required

@@ -8057,7 +8073,7 @@

UnsafeReactivateAtt id string -

+

Required

@@ -8105,7 +8121,7 @@

UnsafeReactivateNamespac id string -

+

Required

@@ -8169,7 +8185,8 @@

UnsafeUpdateAttributeRequest rule policy.AttributeRuleTypeEnum -

WARNING!! +

Optional +WARNING!! Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name.

@@ -8177,7 +8194,8 @@

UnsafeUpdateAttributeRequest values_order string repeated -

WARNING!! +

Optional +WARNING!! Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted deleted, created, and unsafely re-ordered as necessary.

@@ -8228,14 +8246,14 @@

UnsafeUpdateAttributeVa id string -

+

Required

value string -

+

Required

@@ -8290,7 +8308,7 @@

UnsafeUpdateNamespaceRequest name string -

+

Required

diff --git a/docs/openapi/policy/attributes/attributes.swagger.json b/docs/openapi/policy/attributes/attributes.swagger.json index 17e5248ca..3f036f797 100644 --- a/docs/openapi/policy/attributes/attributes.swagger.json +++ b/docs/openapi/policy/attributes/attributes.swagger.json @@ -37,7 +37,7 @@ "parameters": [ { "name": "state", - "description": "ACTIVE by default when not specified", + "description": "Optional\nACTIVE by default when not specified", "in": "query", "required": false, "type": "string", @@ -51,7 +51,7 @@ }, { "name": "namespace", - "description": "can be id or name", + "description": "Optional\nNamespace ID or name", "in": "query", "required": false, "type": "string" @@ -112,7 +112,7 @@ "parameters": [ { "name": "fqns", - "description": "Required\nFully Qualified Names of attribute values (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute_name\u003e/value/\u003cvalue_name\u003e), normalized to lower case.", + "description": "Fully Qualified Names of attribute values (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute_name\u003e/value/\u003cvalue_name\u003e), normalized to lower case.", "in": "query", "required": false, "type": "array", @@ -171,13 +171,14 @@ "parameters": [ { "name": "attributeId", + "description": "Required", "in": "query", "required": false, "type": "string" }, { "name": "state", - "description": "ACTIVE by default when not specified", + "description": "Optional\nACTIVE by default when not specified", "in": "query", "required": false, "type": "string", @@ -216,6 +217,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -244,6 +246,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -272,6 +275,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" 
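Review bot: The `fqns` parameter loses its `Required` prefix in the `@@ -112,7 +112,7 @@` hunk and gets no `Optional` in its place, so it ends up unlabelled in a change that otherwise appears to be adding a label to request fields. If an empty `fqns` list is accepted, the description should start with `Optional\n`; if it is rejected, the old `Required\n` prefix should stay. The same removal shows up in the Go comment for `GetAttributeValuesByFqnsRequest` and in docs/grpc/index.html.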
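Review bot: In the `@@ -171,13 +171,14 @@` hunk the `attributeId` query parameter gains `"description": "Required"` while the machine-readable flag beside it still reads `"required": false`, so the spec contradicts itself and any client or validator built from it will treat the parameter as optional. The same pattern appears on the key-access-server query parameters later in this file, in namespaces.swagger.json, and on the `fqn`, `value` and `name` query parameters of unsafe.swagger.json, including the `fqn` of the unsafe delete requests. Whether the server rejects an empty value is not visible in this diff. If it does, the requirement should be declared in the proto source this spec appears to be generated from, for example with a `google.api.field_behavior` REQUIRED annotation, so that `required` becomes `true` instead of living only in prose.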
@@ -285,7 +289,7 @@ "properties": { "metadata": { "$ref": "#/definitions/commonMetadataMutable", - "title": "Common metadata" + "title": "Optional\nCommon metadata" }, "metadataUpdateBehavior": { "$ref": "#/definitions/commonMetadataUpdateEnum" @@ -319,12 +323,14 @@ "parameters": [ { "name": "attributeKeyAccessServer.attributeId", + "description": "Required", "in": "query", "required": false, "type": "string" }, { "name": "attributeKeyAccessServer.keyAccessServerId", + "description": "Required", "in": "query", "required": false, "type": "string" @@ -354,6 +360,7 @@ "parameters": [ { "name": "attributeKeyAccessServer", + "description": "Required", "in": "body", "required": true, "schema": { @@ -386,12 +393,14 @@ "parameters": [ { "name": "valueKeyAccessServer.valueId", + "description": "Required", "in": "query", "required": false, "type": "string" }, { "name": "valueKeyAccessServer.keyAccessServerId", + "description": "Required", "in": "query", "required": false, "type": "string" @@ -420,6 +429,7 @@ "parameters": [ { "name": "valueKeyAccessServer", + "description": "Required", "in": "body", "required": true, "schema": { @@ -465,11 +475,12 @@ "type": "object", "properties": { "value": { - "type": "string" + "type": "string", + "title": "Required" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", - "title": "Common metadata" + "title": "Optional\nCommon metadata" } } } @@ -500,6 +511,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -528,6 +540,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -630,10 +643,12 @@ "type": "object", "properties": { "attributeId": { - "type": "string" + "type": "string", + "title": "Required" }, "keyAccessServerId": { - "type": "string" + "type": "string", + "title": "Required" } } }, 
@@ -645,17 +660,19 @@ "title": "Required" }, "name": { - "type": "string" + "type": "string", + "title": "Required" }, "rule": { - "$ref": "#/definitions/policyAttributeRuleTypeEnum" + "$ref": "#/definitions/policyAttributeRuleTypeEnum", + "title": "Required" }, "values": { "type": "array", "items": { "type": "string" }, - "description": "Optional attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.\nThe stored attribute value will be normalized to lower case." + "description": "Optional \nAttribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character.\nThe stored attribute value will be normalized to lower case." }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", @@ -783,10 +800,12 @@ "type": "object", "properties": { "valueId": { - "type": "string" + "type": "string", + "title": "Required" }, "keyAccessServerId": { - "type": "string" + "type": "string", + "title": "Required" } } }, diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json index bbd287d1a..ea332c31e 100644 --- a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json +++ b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json 
@@ -88,13 +88,14 @@ "parameters": [ { "name": "kasId", - "description": "Optional\nFilter LIST by either ID or URI of a registered Key Access Server.\nIf neither is provided, grants from all registered KASs to policy attribute objects are returned.", + "description": "Optional\nFilter LIST by either ID of a registered Key Access Server.\nIf neither is provided, grants from all registered KASs to policy attribute objects are returned.", "in": "query", "required": false, "type": "string" }, { "name": "kasUri", + "description": "Optional\nFilter LIST by URI of a registered Key Access Server.\nIf neither is provided, grants from all registered KASs to policy attribute objects are returned.", "in": "query", "required": false, "type": "string" @@ -125,6 +126,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -153,6 +155,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -194,14 +197,16 @@ "type": "object", "properties": { "uri": { - "type": "string" + "type": "string", + "title": "Required" }, "publicKey": { - "$ref": "#/definitions/policyPublicKey" + "$ref": "#/definitions/policyPublicKey", + "title": "Required" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", - "title": "Common metadata" + "title": "Optional\nCommon metadata" }, "metadataUpdateBehavior": { "$ref": "#/definitions/commonMetadataUpdateEnum" @@ -270,11 +275,12 @@ "title": "Required" }, "publicKey": { - "$ref": "#/definitions/policyPublicKey" + "$ref": "#/definitions/policyPublicKey", + "title": "Required" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", - "title": "Common metadata" + "title": "Optional\nCommon metadata" } } }, diff --git a/docs/openapi/policy/namespaces/namespaces.swagger.json b/docs/openapi/policy/namespaces/namespaces.swagger.json index 265549220..f64b0092d 100644 --- a/docs/openapi/policy/namespaces/namespaces.swagger.json 
+++ b/docs/openapi/policy/namespaces/namespaces.swagger.json @@ -36,7 +36,7 @@ "parameters": [ { "name": "state", - "description": "ACTIVE by default when not specified", + "description": "Optional\nACTIVE by default when not specified", "in": "query", "required": false, "type": "string", @@ -104,12 +104,14 @@ "parameters": [ { "name": "namespaceKeyAccessServer.namespaceId", + "description": "Required", "in": "query", "required": false, "type": "string" }, { "name": "namespaceKeyAccessServer.keyAccessServerId", + "description": "Required", "in": "query", "required": false, "type": "string" @@ -171,6 +173,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -199,6 +202,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -369,10 +373,12 @@ "type": "object", "properties": { "namespaceId": { - "type": "string" + "type": "string", + "title": "Required" }, "keyAccessServerId": { - "type": "string" + "type": "string", + "title": "Required" } } }, diff --git a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json index d637263e4..5140dd735 100644 --- a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json +++ b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json @@ -172,7 +172,8 @@ "title": "Optional" }, "name": { - "type": "string" + "type": "string", + "title": "Optional" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", @@ -384,14 +385,16 @@ "type": "array", "items": { "type": "string" - } + }, + "title": "Optional" }, "groupId": { - "type": "string" + "type": "string", + "title": "Optional" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", - "title": "Common Metadata" + "title": "Optional\nCommon Metadata" }, "metadataUpdateBehavior": { "$ref": "#/definitions/commonMetadataUpdateEnum" 
@@ -863,7 +866,8 @@ "title": "Required" }, "name": { - "type": "string" + "type": "string", + "title": "Required" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", @@ -890,14 +894,16 @@ "type": "array", "items": { "type": "string" - } + }, + "title": "Required" }, "groupId": { "type": "string", "title": "Optional" }, "metadata": { - "$ref": "#/definitions/commonMetadataMutable" + "$ref": "#/definitions/commonMetadataMutable", + "title": "Optional" } } }, diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json index 6afccc032..43a326320 100644 --- a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json +++ b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json @@ -88,6 +88,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -116,6 +117,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -289,6 +291,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -317,6 +320,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -367,7 +371,7 @@ "type": "object", "$ref": "#/definitions/policyAction" }, - "title": "Replaces entire list of actions permitted by subjects" + "title": "Optional\nReplaces entire list of actions permitted by subjects" }, "metadata": { "$ref": "#/definitions/commonMetadataMutable", @@ -850,7 +854,7 @@ "type": "object", "$ref": "#/definitions/policyAction" }, - "title": "The actions permitted by subjects in this mapping" + "title": "Required\nThe actions permitted by subjects in this mapping" }, "existingSubjectConditionSetId": { "type": "string", 
diff --git a/docs/openapi/policy/unsafe/unsafe.swagger.json b/docs/openapi/policy/unsafe/unsafe.swagger.json index 977e1a582..8049ef8cb 100644 --- a/docs/openapi/policy/unsafe/unsafe.swagger.json +++ b/docs/openapi/policy/unsafe/unsafe.swagger.json @@ -43,7 +43,7 @@ }, { "name": "fqn", - "description": "Fully Qualified Name (FQN) of Attribute Value (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute name\u003e/value/\u003cvalue\u003e), normalized to lower case.", + "description": "Required\nFully Qualified Name (FQN) of Attribute Value (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute name\u003e/value/\u003cvalue\u003e), normalized to lower case.", "in": "query", "required": false, "type": "string" @@ -73,12 +73,14 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" }, { "name": "value", + "description": "Required", "in": "query", "required": false, "type": "string" @@ -109,6 +111,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -146,7 +149,7 @@ }, { "name": "fqn", - "description": "Fully Qualified Name (FQN) of Attribute Definition (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute name\u003e), normalized to lower case.", + "description": "Required\nFully Qualified Name (FQN) of Attribute Definition (i.e. https://\u003cnamespace\u003e/attr/\u003cattribute name\u003e), normalized to lower case.", "in": "query", "required": false, "type": "string" @@ -190,7 +193,7 @@ }, { "name": "rule", - "description": "WARNING!! \nUpdating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name.", + "description": "Optional\nWARNING!! \nUpdating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name.", "in": "query", "required": false, "type": "string", 
@@ -204,7 +207,7 @@ }, { "name": "valuesOrder", - "description": "WARNING!!\nUnsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition\nwill retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted\ndeleted, created, and unsafely re-ordered as necessary.", + "description": "Optional\nWARNING!!\nUnsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition\nwill retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted\ndeleted, created, and unsafely re-ordered as necessary.", "in": "query", "required": false, "type": "array", @@ -239,6 +242,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" @@ -276,7 +280,7 @@ }, { "name": "fqn", - "description": "Fully Qualified Name (FQN) of Namespace (i.e. https://\u003cnamespace\u003e), normalized to lower case.", + "description": "Required\nFully Qualified Name (FQN) of Namespace (i.e. https://\u003cnamespace\u003e), normalized to lower case.", "in": "query", "required": false, "type": "string" @@ -313,6 +317,7 @@ }, { "name": "name", + "description": "Required", "in": "query", "required": false, "type": "string" @@ -343,6 +348,7 @@ "parameters": [ { "name": "id", + "description": "Required", "in": "path", "required": true, "type": "string" diff --git a/protocol/go/policy/attributes/attributes.pb.go b/protocol/go/policy/attributes/attributes.pb.go index e6a724a20..ab957cc3f 100644 --- a/protocol/go/policy/attributes/attributes.pb.go +++ b/protocol/go/policy/attributes/attributes.pb.go 
@@ -29,7 +29,9 @@ type AttributeKeyAccessServer struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - AttributeId string `protobuf:"bytes,1,opt,name=attribute_id,json=attributeId,proto3" json:"attribute_id,omitempty"` + // Required + AttributeId string `protobuf:"bytes,1,opt,name=attribute_id,json=attributeId,proto3" json:"attribute_id,omitempty"` + // Required KeyAccessServerId string `protobuf:"bytes,2,opt,name=key_access_server_id,json=keyAccessServerId,proto3" json:"key_access_server_id,omitempty"` } @@ -84,7 +86,9 @@ type ValueKeyAccessServer struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ValueId string `protobuf:"bytes,1,opt,name=value_id,json=valueId,proto3" json:"value_id,omitempty"` + // Required + ValueId string `protobuf:"bytes,1,opt,name=value_id,json=valueId,proto3" json:"value_id,omitempty"` + // Required KeyAccessServerId string `protobuf:"bytes,2,opt,name=key_access_server_id,json=keyAccessServerId,proto3" json:"key_access_server_id,omitempty"` } @@ -139,9 +143,11 @@ type ListAttributesRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Optional // ACTIVE by default when not specified State common.ActiveStateEnum `protobuf:"varint,1,opt,name=state,proto3,enum=common.ActiveStateEnum" json:"state,omitempty"` - // can be id or name + // Optional + // Namespace ID or name Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` } @@ -243,6 +249,7 @@ type GetAttributeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } 
@@ -338,10 +345,13 @@ type CreateAttributeRequest struct { unknownFields protoimpl.UnknownFields // Required - NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` - Rule policy.AttributeRuleTypeEnum `protobuf:"varint,3,opt,name=rule,proto3,enum=policy.AttributeRuleTypeEnum" json:"rule,omitempty"` - // Optional attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. + NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` + // Required + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // Required + Rule policy.AttributeRuleTypeEnum `protobuf:"varint,3,opt,name=rule,proto3,enum=policy.AttributeRuleTypeEnum" json:"rule,omitempty"` + // Optional + // Attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. // The stored attribute value will be normalized to lower case. Values []string `protobuf:"bytes,4,rep,name=values,proto3" json:"values,omitempty"` // Optional @@ -579,6 +589,7 @@ type DeactivateAttributeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -676,6 +687,7 @@ type GetAttributeValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } 
@@ -770,7 +782,9 @@ type ListAttributeValuesRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required AttributeId string `protobuf:"bytes,1,opt,name=attribute_id,json=attributeId,proto3" json:"attribute_id,omitempty"` + // Optional // ACTIVE by default when not specified State common.ActiveStateEnum `protobuf:"varint,2,opt,name=state,proto3,enum=common.ActiveStateEnum" json:"state,omitempty"` } @@ -875,7 +889,9 @@ type CreateAttributeValueRequest struct { // Required AttributeId string `protobuf:"bytes,1,opt,name=attribute_id,json=attributeId,proto3" json:"attribute_id,omitempty"` - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + // Required + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + // Optional // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` } @@ -985,7 +1001,9 @@ type UpdateAttributeValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Optional // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"` @@ -1096,6 +1114,7 @@ type DeactivateAttributeValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } 
@@ -1190,7 +1209,6 @@ type GetAttributeValuesByFqnsRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Required // Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. Fqns []string `protobuf:"bytes,1,rep,name=fqns,proto3" json:"fqns,omitempty"` WithValue *policy.AttributeValueSelector `protobuf:"bytes,2,opt,name=with_value,json=withValue,proto3" json:"with_value,omitempty"` @@ -1295,6 +1313,7 @@ type AssignKeyAccessServerToAttributeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required AttributeKeyAccessServer *AttributeKeyAccessServer `protobuf:"bytes,1,opt,name=attribute_key_access_server,json=attributeKeyAccessServer,proto3" json:"attribute_key_access_server,omitempty"` } @@ -1389,6 +1408,7 @@ type RemoveKeyAccessServerFromAttributeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required AttributeKeyAccessServer *AttributeKeyAccessServer `protobuf:"bytes,1,opt,name=attribute_key_access_server,json=attributeKeyAccessServer,proto3" json:"attribute_key_access_server,omitempty"` } @@ -1483,6 +1503,7 @@ type AssignKeyAccessServerToValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required ValueKeyAccessServer *ValueKeyAccessServer `protobuf:"bytes,1,opt,name=value_key_access_server,json=valueKeyAccessServer,proto3" json:"value_key_access_server,omitempty"` } @@ -1577,6 +1598,7 @@ type RemoveKeyAccessServerFromValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required ValueKeyAccessServer *ValueKeyAccessServer `protobuf:"bytes,1,opt,name=value_key_access_server,json=valueKeyAccessServer,proto3" json:"value_key_access_server,omitempty"` } diff --git a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go index dcf4efa9f..72df8f131 100644 
--- a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go +++ b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go @@ -29,6 +29,7 @@ type GetKeyAccessServerRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -209,8 +210,10 @@ type CreateKeyAccessServerRequest struct { unknownFields protoimpl.UnknownFields // Required - Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + Uri string `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` + // Required PublicKey *policy.PublicKey `protobuf:"bytes,2,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + // Optional // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` } @@ -321,9 +324,12 @@ type UpdateKeyAccessServerRequest struct { unknownFields protoimpl.UnknownFields // Required - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - Uri string `protobuf:"bytes,2,opt,name=uri,proto3" json:"uri,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required + Uri string `protobuf:"bytes,2,opt,name=uri,proto3" json:"uri,omitempty"` + // Required PublicKey *policy.PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + // Optional // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"` 
@@ -448,6 +454,7 @@ type DeleteKeyAccessServerRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -674,9 +681,12 @@ type ListKeyAccessServerGrantsRequest struct { unknownFields protoimpl.UnknownFields // Optional - // Filter LIST by either ID or URI of a registered Key Access Server. + // Filter LIST by either ID of a registered Key Access Server. + // If neither is provided, grants from all registered KASs to policy attribute objects are returned. + KasId string `protobuf:"bytes,1,opt,name=kas_id,json=kasId,proto3" json:"kas_id,omitempty"` + // Optional + // Filter LIST by URI of a registered Key Access Server. // If neither is provided, grants from all registered KASs to policy attribute objects are returned. - KasId string `protobuf:"bytes,1,opt,name=kas_id,json=kasId,proto3" json:"kas_id,omitempty"` KasUri string `protobuf:"bytes,2,opt,name=kas_uri,json=kasUri,proto3" json:"kas_uri,omitempty"` } diff --git a/protocol/go/policy/namespaces/namespaces.pb.go b/protocol/go/policy/namespaces/namespaces.pb.go index ed5fbba3f..cd3d1480c 100644 --- a/protocol/go/policy/namespaces/namespaces.pb.go +++ b/protocol/go/policy/namespaces/namespaces.pb.go @@ -29,7 +29,9 @@ type NamespaceKeyAccessServer struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` + // Required + NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` + // Required KeyAccessServerId string `protobuf:"bytes,2,opt,name=key_access_server_id,json=keyAccessServerId,proto3" json:"key_access_server_id,omitempty"` } 
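Review bot: The new comment on `KasId` in the `@@ -674,9 +681,12 @@` hunk still reads `Filter LIST by either ID of a registered Key Access Server.`, with `either` left over from the old `either ID or URI` wording, and both fields now say `If neither is provided` without naming the other field. The comments also do not say what happens when `kas_id` and `kas_uri` are both set and point at different servers, which a caller auditing KAS grants would need to know. Suggested wording: `// Filter LIST by ID of a registered Key Access Server.` followed by `// If neither kas_id nor kas_uri is provided, grants from all registered KASs to policy attribute objects are returned.` This file looks generated, so the change would go in the proto comment it is copied from; the same text appears in key_access_server_registry.swagger.json and docs/grpc/index.html.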
@@ -84,6 +86,7 @@ type GetNamespaceRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -178,6 +181,7 @@ type ListNamespacesRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Optional // ACTIVE by default when not specified State common.ActiveStateEnum `protobuf:"varint,1,opt,name=state,proto3,enum=common.ActiveStateEnum" json:"state,omitempty"` } @@ -489,6 +493,7 @@ type DeactivateNamespaceRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } diff --git a/protocol/go/policy/resourcemapping/resource_mapping.pb.go b/protocol/go/policy/resourcemapping/resource_mapping.pb.go index 570f2d2a2..131662669 100644 --- a/protocol/go/policy/resourcemapping/resource_mapping.pb.go +++ b/protocol/go/policy/resourcemapping/resource_mapping.pb.go @@ -221,7 +221,8 @@ type CreateResourceMappingGroupRequest struct { // Required NamespaceId string `protobuf:"bytes,1,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` - Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // Required + Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` } 
@@ -335,7 +336,8 @@ type UpdateResourceMappingGroupRequest struct { Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Optional NamespaceId string `protobuf:"bytes,2,opt,name=namespace_id,json=namespaceId,proto3" json:"namespace_id,omitempty"` - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // Optional + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` // Common metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"` @@ -897,10 +899,12 @@ type CreateResourceMappingRequest struct { unknownFields protoimpl.UnknownFields // Required - AttributeValueId string `protobuf:"bytes,1,opt,name=attribute_value_id,json=attributeValueId,proto3" json:"attribute_value_id,omitempty"` - Terms []string `protobuf:"bytes,2,rep,name=terms,proto3" json:"terms,omitempty"` + AttributeValueId string `protobuf:"bytes,1,opt,name=attribute_value_id,json=attributeValueId,proto3" json:"attribute_value_id,omitempty"` + // Required + Terms []string `protobuf:"bytes,2,rep,name=terms,proto3" json:"terms,omitempty"` + // Optional + GroupId string `protobuf:"bytes,3,opt,name=group_id,json=groupId,proto3" json:"group_id,omitempty"` // Optional - GroupId string `protobuf:"bytes,3,opt,name=group_id,json=groupId,proto3" json:"group_id,omitempty"` Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` } 
@@ -1019,9 +1023,12 @@ type UpdateResourceMappingRequest struct { // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Optional - AttributeValueId string `protobuf:"bytes,4,opt,name=attribute_value_id,json=attributeValueId,proto3" json:"attribute_value_id,omitempty"` - Terms []string `protobuf:"bytes,5,rep,name=terms,proto3" json:"terms,omitempty"` - GroupId string `protobuf:"bytes,6,opt,name=group_id,json=groupId,proto3" json:"group_id,omitempty"` + AttributeValueId string `protobuf:"bytes,4,opt,name=attribute_value_id,json=attributeValueId,proto3" json:"attribute_value_id,omitempty"` + // Optional + Terms []string `protobuf:"bytes,5,rep,name=terms,proto3" json:"terms,omitempty"` + // Optional + GroupId string `protobuf:"bytes,6,opt,name=group_id,json=groupId,proto3" json:"group_id,omitempty"` + // Optional // Common Metadata Metadata *common.MetadataMutable `protobuf:"bytes,100,opt,name=metadata,proto3" json:"metadata,omitempty"` MetadataUpdateBehavior common.MetadataUpdateEnum `protobuf:"varint,101,opt,name=metadata_update_behavior,json=metadataUpdateBehavior,proto3,enum=common.MetadataUpdateEnum" json:"metadata_update_behavior,omitempty"` diff --git a/protocol/go/policy/subjectmapping/subject_mapping.pb.go b/protocol/go/policy/subjectmapping/subject_mapping.pb.go index 58c9355fc..079dd1a8b 100644 --- a/protocol/go/policy/subjectmapping/subject_mapping.pb.go +++ b/protocol/go/policy/subjectmapping/subject_mapping.pb.go @@ -134,6 +134,7 @@ type GetSubjectMappingRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } 
@@ -316,6 +317,7 @@ type CreateSubjectMappingRequest struct { // Required // Attribute Value to be mapped to AttributeValueId string `protobuf:"bytes,1,opt,name=attribute_value_id,json=attributeValueId,proto3" json:"attribute_value_id,omitempty"` + // Required // The actions permitted by subjects in this mapping Actions []*policy.Action `protobuf:"bytes,2,rep,name=actions,proto3" json:"actions,omitempty"` // Either of the following: @@ -451,6 +453,7 @@ type UpdateSubjectMappingRequest struct { // Optional // Replaces the existing SubjectConditionSet id with a new one SubjectConditionSetId string `protobuf:"bytes,2,opt,name=subject_condition_set_id,json=subjectConditionSetId,proto3" json:"subject_condition_set_id,omitempty"` + // Optional // Replaces entire list of actions permitted by subjects Actions []*policy.Action `protobuf:"bytes,3,rep,name=actions,proto3" json:"actions,omitempty"` // Common metadata @@ -578,6 +581,7 @@ type DeleteSubjectMappingRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -673,6 +677,7 @@ type GetSubjectConditionSetRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -1136,6 +1141,7 @@ type DeleteSubjectConditionSetRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } diff --git a/protocol/go/policy/unsafe/unsafe.pb.go b/protocol/go/policy/unsafe/unsafe.pb.go index 8ab2cb46e..1d1a305b5 100644 --- a/protocol/go/policy/unsafe/unsafe.pb.go +++ b/protocol/go/policy/unsafe/unsafe.pb.go 
@@ -32,7 +32,8 @@ type UnsafeUpdateNamespaceRequest struct { unknownFields protoimpl.UnknownFields // Required - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` } @@ -137,6 +138,7 @@ type UnsafeReactivateNamespaceRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -237,6 +239,7 @@ type UnsafeDeleteNamespaceRequest struct { // Required // UUID of the Namespace Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required // Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. Fqn string `protobuf:"bytes,2,opt,name=fqn,proto3" json:"fqn,omitempty"` } @@ -347,9 +350,11 @@ type UnsafeUpdateAttributeRequest struct { // WARNING!! // Updating the name of an Attribute will retroactively alter access to existing TDFs of the old and new Attribute name. Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"` + // Optional // WARNING!! // Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. Rule policy.AttributeRuleTypeEnum `protobuf:"varint,3,opt,name=rule,proto3,enum=policy.AttributeRuleTypeEnum" json:"rule,omitempty"` + // Optional // WARNING!! // Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition // will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted 
@@ -472,6 +477,7 @@ type UnsafeReactivateAttributeRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -573,6 +579,7 @@ type UnsafeDeleteAttributeRequest struct { // Required // UUID of the Attribute Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required // Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. Fqn string `protobuf:"bytes,2,opt,name=fqn,proto3" json:"fqn,omitempty"` } @@ -677,7 +684,9 @@ type UnsafeUpdateAttributeValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` } @@ -781,6 +790,7 @@ type UnsafeReactivateAttributeValueRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + // Required Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` } @@ -881,6 +891,7 @@ type UnsafeDeleteAttributeValueRequest struct { // Required // UUID of the Attribute Value Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // Required // Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. Fqn string `protobuf:"bytes,2,opt,name=fqn,proto3" json:"fqn,omitempty"` } diff --git a/service/policy/attributes/attributes.proto b/service/policy/attributes/attributes.proto index 11c688506..ebbbf5a61 100644 --- a/service/policy/attributes/attributes.proto +++ b/service/policy/attributes/attributes.proto 
@@ -13,18 +13,22 @@ import "policy/selectors.proto"; */ message AttributeKeyAccessServer { + // Required string attribute_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string key_access_server_id = 2 [ (buf.validate.field).string.uuid = true ]; } message ValueKeyAccessServer { + // Required string value_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string key_access_server_id = 2 [ (buf.validate.field).string.uuid = true ]; @@ -35,9 +39,11 @@ message ValueKeyAccessServer { */ message ListAttributesRequest { + // Optional // ACTIVE by default when not specified common.ActiveStateEnum state = 1; - // can be id or name + // Optional + // Namespace ID or name string namespace = 2; } message ListAttributesResponse { @@ -45,6 +51,7 @@ message ListAttributesResponse { } message GetAttributeRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -58,6 +65,7 @@ message CreateAttributeRequest { string namespace_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string name = 2 [ (buf.validate.field).required = true, (buf.validate.field).string.max_len = 253, @@ -67,11 +75,13 @@ message CreateAttributeRequest { expression: "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" } ]; + // Required AttributeRuleTypeEnum rule = 3 [ (buf.validate.field).enum.defined_only = true, (buf.validate.field).required = true ]; - // Optional attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. + // Optional + // Attribute values (when provided) must be alphanumeric strings, allowing hyphens and underscores but not as the first or last character. // The stored attribute value will be normalized to lower case. repeated string values = 4 [ (buf.validate.field).repeated = { 
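Review bot: In the `ListAttributesRequest` hunk (@@ -35,9 +39,11), `string namespace = 2;` is now documented as taking a namespace ID or name but carries no `buf.validate` rule, so a string of any length and shape reaches the lookup. Other name fields in this file are capped at 253 characters; `string namespace = 2 [(buf.validate.field).string.max_len = 253];` would bring the filter in line with them. The comment should also say how the server tells an ID from a name, which the hunk does not show.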
@@ -109,6 +119,7 @@ message UpdateAttributeResponse { } message DeactivateAttributeRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -121,6 +132,7 @@ message DeactivateAttributeResponse { /// Value RPC messages /// message GetAttributeValueRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -130,9 +142,11 @@ message GetAttributeValueResponse { } message ListAttributeValuesRequest { + // Required string attribute_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Optional // ACTIVE by default when not specified common.ActiveStateEnum state = 2; } @@ -145,6 +159,7 @@ message CreateAttributeValueRequest { string attribute_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string value = 2 [ (buf.validate.field).required = true, (buf.validate.field).string.max_len = 253, @@ -159,6 +174,7 @@ message CreateAttributeValueRequest { reserved "members"; reserved 3; + // Optional // Common metadata common.MetadataMutable metadata = 100; } @@ -167,6 +183,7 @@ message CreateAttributeValueResponse { } message UpdateAttributeValueRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -175,6 +192,7 @@ message UpdateAttributeValueRequest { reserved "members"; reserved 4; + // Optional // Common metadata common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; @@ -184,6 +202,7 @@ message UpdateAttributeValueResponse { } message DeactivateAttributeValueRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -212,6 +231,7 @@ message GetAttributeValuesByFqnsResponse { */ message AssignKeyAccessServerToAttributeRequest { + // Required AttributeKeyAccessServer attribute_key_access_server = 1; } @@ -220,6 +240,7 @@ message AssignKeyAccessServerToAttributeResponse { } message RemoveKeyAccessServerFromAttributeRequest { + // Required AttributeKeyAccessServer attribute_key_access_server = 1; } 
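Review bot: `attribute_key_access_server = 1` in `AssignKeyAccessServerToAttributeRequest` is labelled `// Required` but has no presence rule, so a request that omits the message should pass validation without the UUID rules on the nested `attribute_id` and `key_access_server_id` being evaluated. `CreateKeyAccessServerRequest.public_key` in this commit shows the enforced form; here that would be `AttributeKeyAccessServer attribute_key_access_server = 1 [(buf.validate.field).required = true];`. The same applies to `RemoveKeyAccessServerFromAttributeRequest` and to the two `...ToValueRequest` / `...FromValueRequest` messages that carry `value_key_access_server`. The handlers are not visible here, so whether they reject a nil message themselves needs checking.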
@@ -228,6 +249,7 @@ message RemoveKeyAccessServerFromAttributeResponse { } message AssignKeyAccessServerToValueRequest { + // Required ValueKeyAccessServer value_key_access_server = 1; } @@ -236,6 +258,7 @@ message AssignKeyAccessServerToValueResponse { } message RemoveKeyAccessServerFromValueRequest { + // Required ValueKeyAccessServer value_key_access_server = 1; } diff --git a/service/policy/kasregistry/key_access_server_registry.proto b/service/policy/kasregistry/key_access_server_registry.proto index e4542b44c..62b93ea69 100644 --- a/service/policy/kasregistry/key_access_server_registry.proto +++ b/service/policy/kasregistry/key_access_server_registry.proto @@ -8,6 +8,7 @@ import "google/api/annotations.proto"; import "policy/objects.proto"; message GetKeyAccessServerRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -30,8 +31,10 @@ message CreateKeyAccessServerRequest { message: "URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.", expression: "this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')" }]; + // Required PublicKey public_key = 2 [(buf.validate.field).required = true]; + // Optional // Common metadata common.MetadataMutable metadata = 100; } 
@@ -44,13 +47,16 @@ message UpdateKeyAccessServerRequest { string id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string uri = 2 [(buf.validate.field).cel = { id: "optional_uri_format", message: "Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.", expression: "size(this) == 0 || this.matches('^https?://[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?(\\\\.[a-zA-Z0-9]([a-zA-Z0-9\\\\-]{0,61}[a-zA-Z0-9])?)*(:[0-9]+)?(/.*)?$')" }]; + // Required PublicKey public_key = 3; + // Optional // Common metadata common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; @@ -60,6 +66,7 @@ message UpdateKeyAccessServerResponse { } message DeleteKeyAccessServerRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; 
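Review bot: The `// Required` labels added to `uri = 2` and `public_key = 3` in `UpdateKeyAccessServerRequest` contradict the rules on those fields. `uri` uses the `optional_uri_format` rule, whose expression begins `size(this) == 0 ||` and whose message says "Optional URI", and `public_key` has no `required` rule. If an update may leave either field unset, the labels should read `// Optional`, like the other Update messages in this commit. If they are mandatory, the rules have to change instead, following `public_key = 2 [(buf.validate.field).required = true]` in the Create message. As written, a client cannot tell whether omitting the public key leaves the stored key unchanged or is an error.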
@@ -89,13 +96,16 @@ message KeyAccessServerGrants { // GET request to the specific policy object. message ListKeyAccessServerGrantsRequest { // Optional - // Filter LIST by either ID or URI of a registered Key Access Server. + // Filter LIST by either ID of a registered Key Access Server. // If neither is provided, grants from all registered KASs to policy attribute objects are returned. string kas_id = 1 [(buf.validate.field).cel = { id: "optional_uuid_format", message: "Optional field must be a valid UUID", expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional + // Filter LIST by URI of a registered Key Access Server. + // If neither is provided, grants from all registered KASs to policy attribute objects are returned. string kas_uri = 2 [(buf.validate.field).cel = { id: "optional_uri_format", message: "Optional URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes.", diff --git a/service/policy/namespaces/namespaces.proto b/service/policy/namespaces/namespaces.proto index dc42fec9a..6b66701be 100644 --- a/service/policy/namespaces/namespaces.proto +++ b/service/policy/namespaces/namespaces.proto @@ -13,9 +13,11 @@ import "policy/objects.proto"; */ message NamespaceKeyAccessServer { + // Required string namespace_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string key_access_server_id = 2 [ (buf.validate.field).string.uuid = true ]; @@ -28,6 +30,7 @@ message NamespaceKeyAccessServer { */ message GetNamespaceRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -37,6 +40,7 @@ message GetNamespaceResponse { } message ListNamespacesRequest { + // Optional // ACTIVE by default when not specified common.ActiveStateEnum state = 1; } 
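Review bot: The `optional_uuid_format` expression on `kas_id` in `ListKeyAccessServerGrantsRequest` is not anchored, and CEL's `matches` succeeds when the pattern occurs anywhere in the string, so a value that merely contains a UUID passes, unlike the URI and name patterns in this commit, which use `^…$`. Anchoring it as `this.matches('^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$')` makes the rule match its message. The same unanchored expression appears in the context lines of the resource_mapping.proto hunks (`UpdateResourceMappingGroupRequest`, `CreateResourceMappingRequest`, `UpdateResourceMappingRequest`) and of `UpdateSubjectMappingRequest`. Separately, the reworded comment now reads "by either ID of"; `// Filter LIST by ID of a registered Key Access Server.` reads correctly, and the comment should state what happens when both `kas_id` and `kas_uri` are set.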
@@ -78,6 +82,7 @@ message UpdateNamespaceResponse { } message DeactivateNamespaceRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; diff --git a/service/policy/resourcemapping/resource_mapping.proto b/service/policy/resourcemapping/resource_mapping.proto index 03cd88928..1bbe86429 100644 --- a/service/policy/resourcemapping/resource_mapping.proto +++ b/service/policy/resourcemapping/resource_mapping.proto @@ -44,6 +44,7 @@ message CreateResourceMappingGroupRequest { (buf.validate.field).string.uuid = true ]; + // Required string name = 2 [(buf.validate.field).required = true]; // Common metadata @@ -67,6 +68,7 @@ message UpdateResourceMappingGroupRequest { expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional string name = 3 [ (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { @@ -157,6 +159,7 @@ message CreateResourceMappingRequest { (buf.validate.field).string.uuid = true ]; + // Required repeated string terms = 2 [(buf.validate.field).repeated = { min_items: 1, max_items: 1000, @@ -169,6 +172,7 @@ message CreateResourceMappingRequest { expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional common.MetadataMutable metadata = 100; } message CreateResourceMappingResponse { 
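Review bot: `name = 2` in `CreateResourceMappingGroupRequest` (@@ -44,6 +44,7) is checked only for presence, while `name = 3` in `UpdateResourceMappingGroupRequest` in the next hunk has `string.max_len = 253` and a `cel` format rule. A group can therefore be created with a name that an update would reject. The create field should carry the same bound, `string name = 2 [(buf.validate.field).required = true, (buf.validate.field).string.max_len = 253];`, together with the update's format rule. That rule's expression lies outside the hunk, so the exact pattern has to be taken from the file.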
@@ -188,16 +192,19 @@ message UpdateResourceMappingRequest { expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional repeated string terms = 5 [(buf.validate.field).repeated = { max_items: 1000, }]; + // Optional string group_id = 6 [(buf.validate.field).cel = { id: "optional_uuid_format", message: "Optional field must be a valid UUID", expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional // Common Metadata common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; diff --git a/service/policy/subjectmapping/subject_mapping.proto b/service/policy/subjectmapping/subject_mapping.proto index cbb1e894e..c742ee453 100644 --- a/service/policy/subjectmapping/subject_mapping.proto +++ b/service/policy/subjectmapping/subject_mapping.proto @@ -34,6 +34,7 @@ message MatchSubjectMappingsResponse { */ message GetSubjectMappingRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -53,6 +54,7 @@ message CreateSubjectMappingRequest{ string attribute_value_id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required // The actions permitted by subjects in this mapping repeated policy.Action actions = 2 [(buf.validate.field).repeated.min_items = 1]; @@ -86,6 +88,7 @@ message UpdateSubjectMappingRequest { message: "Optional field must be a valid UUID", expression: "size(this) == 0 || this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" }]; + // Optional // Replaces entire list of actions permitted by subjects repeated policy.Action actions = 3; @@ -99,6 +102,7 @@ message UpdateSubjectMappingResponse { } message DeleteSubjectMappingRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; 
@@ -113,6 +117,7 @@ message DeleteSubjectMappingResponse { */ message GetSubjectConditionSetRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -163,6 +168,7 @@ message UpdateSubjectConditionSetResponse { } message DeleteSubjectConditionSetRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; diff --git a/service/policy/unsafe/unsafe.proto b/service/policy/unsafe/unsafe.proto index 566058bf2..dbbbb7896 100644 --- a/service/policy/unsafe/unsafe.proto +++ b/service/policy/unsafe/unsafe.proto @@ -17,6 +17,7 @@ message UnsafeUpdateNamespaceRequest { (buf.validate.field).string.uuid = true ]; + // Required string name = 2 [ (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { @@ -34,6 +35,7 @@ message UnsafeUpdateNamespaceResponse { // Reactivating a Namespace can potentially open up an access path to existing TDFs containing any Attributes under the Namespace. // Active state of any Definitions and their Values under this Namespace will NOT be changed. message UnsafeReactivateNamespaceRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -51,6 +53,7 @@ message UnsafeDeleteNamespaceRequest { string id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required // Fully Qualified Name (FQN) of Namespace (i.e. https://), normalized to lower case. string fqn = 2 [(buf.validate.field).required = true]; } 
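Review bot: `name = 2` in `UnsafeUpdateNamespaceRequest` is now labelled `// Required`, but the visible rules are `string.max_len = 253` and a `cel` rule whose expression is outside the hunk; neither checks presence. The sibling `UnsafeUpdateAttributeRequest.name` uses `size(this) > 0 ? … : true`, which accepts an empty string, so if the namespace rule has the same shape the label is not enforced. For a request in the unsafe service I would add `(buf.validate.field).required = true` to the field, as `CreateAttributeRequest.name` does, or change the label to `// Optional` if empty is meant to be allowed. `UnsafeUpdateAttributeValueRequest.value` in the later hunk is labelled `// Required` with the same visible rules and needs the same check.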
@@ -80,11 +83,13 @@ message UnsafeUpdateAttributeRequest { expression: "size(this) > 0 ? this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$') : true" } ]; + // Optional // WARNING!! // Updating the rule of an Attribute will retroactively alter access to existing TDFs of the Attribute name. AttributeRuleTypeEnum rule = 3 [ (buf.validate.field).enum.defined_only = true ]; + // Optional // WARNING!! // Unsafe reordering requires the full list of values in the new order they should be stored. Updating the order of values in a HIERARCHY-rule Attribute Definition // will retroactively alter access to existing TDFs containing those values. Replacing values on an attribute in place is not supported; values can be unsafely deleted @@ -99,6 +104,7 @@ message UnsafeUpdateAttributeResponse { // Reactivating an Attribute can potentially open up an access path to existing TDFs containing the Attribute name. // Active state of any Values under this Attribute Definition will NOT be changed. message UnsafeReactivateAttributeRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -117,6 +123,7 @@ message UnsafeDeleteAttributeRequest { string id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required // Fully Qualified Name (FQN) of Attribute Definition (i.e. https:///attr/), normalized to lower case. string fqn = 2 [(buf.validate.field).required = true]; } @@ -131,10 +138,12 @@ message UnsafeDeleteAttributeResponse { // WARNING!! // Updating an Attribute Value will retroactively alter access to existing TDFs containing the old and new Attribute Value. message UnsafeUpdateAttributeValueRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required string value = 2 [ (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { 
@@ -151,6 +160,7 @@ message UnsafeUpdateAttributeValueResponse { // WARNING!! // Reactivating an Attribute Value can potentially open up an access path to existing TDFs containing the Attribute Value. message UnsafeReactivateAttributeValueRequest { + // Required string id = 1 [ (buf.validate.field).string.uuid = true ]; @@ -168,6 +178,7 @@ message UnsafeDeleteAttributeValueRequest { string id = 1 [ (buf.validate.field).string.uuid = true ]; + // Required // Fully Qualified Name (FQN) of Attribute Value (i.e. https:///attr//value/), normalized to lower case. string fqn = 2 [(buf.validate.field).required = true]; }