diff --git a/cmd/status/root_test.go b/cmd/status/root_test.go
index df879b2dd..01d794c65 100644
--- a/cmd/status/root_test.go
+++ b/cmd/status/root_test.go
@@ -37,7 +37,7 @@ func TestStatusCmd(t *testing.T) {
defer cancel()
stdErr := cmdx.ExecExpectedErrCtx(ctx, t, newStatusCmd(), "--"+FlagEndpoint, string(serverType), "--"+ts.FlagRemote, ts.Addr[:len(ts.Addr)-1])
- assert.Equal(t, "context deadline exceeded", stdErr)
+ assert.Contains(t, stdErr, "context deadline exceeded")
})
t.Run("case=noblock", func(t *testing.T) {
diff --git a/embedx/config.schema.json b/embedx/config.schema.json
index 184c135fd..be38a0222 100644
--- a/embedx/config.schema.json
+++ b/embedx/config.schema.json
@@ -380,6 +380,22 @@
"description": "The global maximum width on all read operations. Note that this does not affect how deeply nested the tuples can be. This value can be decreased for a request by a value specified on the request, only if the request-specific value is greater than 1 and less than the global maximum width.",
"minimum": 1,
"maximum": 65535
+ },
+ "max_batch_check_size": {
+ "type": "integer",
+ "default": 10,
+ "title": "Maximum batch check size",
+ "description": "The maximum number of tuples that will be accepted by the batch check endpoint.",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "batch_check_max_parallelization": {
+ "type": "integer",
+ "default": 5,
+ "title": "Max concurrent checks during batch check",
+ "description": "The limit for the number of tuples that will be checked concurrently during a batch check.",
+ "minimum": 1,
+ "maximum": 65535
}
},
"additionalProperties": false
diff --git a/go.mod b/go.mod
index c24de0c23..1f1e277b8 100644
--- a/go.mod
+++ b/go.mod
@@ -45,9 +45,9 @@ require (
go.opentelemetry.io/otel/trace v1.21.0
go.uber.org/goleak v1.3.0
golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa
- golang.org/x/oauth2 v0.14.0
+ golang.org/x/oauth2 v0.16.0
golang.org/x/sync v0.7.0
- google.golang.org/grpc v1.59.0
+ google.golang.org/grpc v1.62.0
google.golang.org/protobuf v1.33.0
)
@@ -97,7 +97,7 @@ require (
github.com/goccy/go-yaml v1.11.2 // indirect
github.com/gofrs/flock v0.8.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
- github.com/golang/glog v1.1.2 // indirect
+ github.com/golang/glog v1.2.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
@@ -192,9 +192,9 @@ require (
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
+ google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 9ee55855f..499d5ef57 100644
--- a/go.sum
+++ b/go.sum
@@ -78,8 +78,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=
+github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM=
github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
github.com/cockroachdb/cockroach-go/v2 v2.3.5 h1:Khtm8K6fTTz/ZCWPzU9Ne3aOW9VyAnj4qIPCJgKtwK0=
@@ -121,8 +121,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA=
-github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE=
+github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
+github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc=
github.com/evanphx/json-patch/v5 v5.7.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
@@ -212,8 +212,8 @@ github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRx
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
-github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
+github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=
+github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -767,8 +767,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
-golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
+golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ=
+golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -992,12 +992,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
-google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
-google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
+google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU=
+google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -1014,8 +1014,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY=
google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
diff --git a/internal/check/checkgroup/membership_string.go b/internal/check/checkgroup/membership_string.go
index e6c36bc9b..a5670b365 100644
--- a/internal/check/checkgroup/membership_string.go
+++ b/internal/check/checkgroup/membership_string.go
@@ -1,6 +1,3 @@
-// Copyright © 2023 Ory Corp
-// SPDX-License-Identifier: Apache-2.0
-
// Code generated by "stringer -type Membership"; DO NOT EDIT.
package checkgroup
diff --git a/internal/check/engine.go b/internal/check/engine.go
index 8eea393bb..31508b693 100644
--- a/internal/check/engine.go
+++ b/internal/check/engine.go
@@ -6,11 +6,11 @@ package check
import (
"context"
- "github.com/pkg/errors"
- "go.opentelemetry.io/otel/trace"
-
"github.com/ory/herodot"
"github.com/ory/x/otelx"
+ "github.com/pkg/errors"
+ "go.opentelemetry.io/otel/trace"
+ "golang.org/x/sync/errgroup"
"github.com/ory/keto/x/events"
@@ -34,6 +34,7 @@ type (
}
EngineDependencies interface {
relationtuple.ManagerProvider
+ relationtuple.MapperProvider
persistence.Provider
config.Provider
x.LoggerProvider
@@ -264,3 +265,38 @@ func (e *Engine) astRelationFor(ctx context.Context, r *relationTuple) (*ast.Rel
}
return namespace.ASTRelationFor(ctx, namespaceManager, r.Namespace, r.Relation)
}
+
+// BatchCheck makes parallelized check requests for tuples. The check results are returned as slice, where the
+// result index matches the tuple index of the incoming tuples array.
+func (e *Engine) BatchCheck(ctx context.Context,
+ tuples []*ketoapi.RelationTuple,
+ maxDepth int) ([]checkgroup.Result, error) {
+
+ eg := &errgroup.Group{}
+ eg.SetLimit(e.d.Config(ctx).BatchCheckParallelizationLimit())
+
+ mapper := e.d.ReadOnlyMapper()
+ results := make([]checkgroup.Result, len(tuples))
+ for i, tuple := range tuples {
+ i := i
+ tuple := tuple
+ eg.Go(func() error {
+ internalTuple, err := mapper.FromTuple(ctx, tuple)
+ if err != nil {
+ results[i] = checkgroup.Result{
+ Membership: checkgroup.MembershipUnknown,
+ Err: err,
+ }
+ } else {
+ results[i] = e.CheckRelationTuple(ctx, internalTuple[0], maxDepth)
+ }
+ return nil
+ })
+ }
+
+ if err := eg.Wait(); err != nil {
+ return nil, err
+ }
+
+ return results, nil
+}
diff --git a/internal/check/engine_test.go b/internal/check/engine_test.go
index 14cf83404..f430f23b4 100644
--- a/internal/check/engine_test.go
+++ b/internal/check/engine_test.go
@@ -8,10 +8,13 @@ import (
"testing"
"github.com/gofrs/uuid"
+ "github.com/ory/herodot"
+ "github.com/ory/x/pointerx"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/ory/keto/internal/check"
+ "github.com/ory/keto/internal/check/checkgroup"
"github.com/ory/keto/internal/driver"
"github.com/ory/keto/internal/driver/config"
"github.com/ory/keto/internal/namespace"
@@ -27,6 +30,7 @@ type configProvider = config.Provider
// deps are defined to capture engine dependencies in a single struct
type deps struct {
*relationtuple.ManagerWrapper // managerProvider
+ relationtuple.MapperProvider
persistence.Provider
configProvider
x.LoggerProvider
@@ -41,6 +45,7 @@ func newDepsProvider(t testing.TB, namespaces []*namespace.Namespace, pageOpts .
return &deps{
ManagerWrapper: mr,
+ MapperProvider: reg,
Provider: reg,
configProvider: reg,
LoggerProvider: reg,
@@ -576,4 +581,104 @@ func TestEngine(t *testing.T) {
assert.True(t, res)
}
})
+
+ t.Run("case=batch check", func(t *testing.T) {
+ reg := newDepsProvider(t, []*namespace.Namespace{
+ {Name: "test"},
+ })
+
+ relationtuple.MapAndWriteTuples(t, reg, &ketoapi.RelationTuple{
+ Namespace: "test",
+ Object: "object",
+ Relation: "admin",
+ SubjectID: pointerx.Ptr("user"),
+ },
+ &ketoapi.RelationTuple{
+ Namespace: "test",
+ Object: "object",
+ Relation: "owner",
+ SubjectSet: &ketoapi.SubjectSet{
+ Namespace: "test",
+ Object: "object",
+ Relation: "admin",
+ },
+ },
+ &ketoapi.RelationTuple{
+ Namespace: "test",
+ Object: "object",
+ Relation: "access",
+ SubjectSet: &ketoapi.SubjectSet{
+ Namespace: "test",
+ Object: "object",
+ Relation: "owner",
+ },
+ })
+
+ e := check.NewEngine(reg)
+
+ targetTuples := []*ketoapi.RelationTuple{
+ { // direct relation
+ Namespace: "test",
+ Object: "object",
+ Relation: "admin",
+ SubjectID: pointerx.Ptr("user"),
+ },
+ { // indirect relation
+ Namespace: "test",
+ Object: "object",
+ Relation: "owner",
+ SubjectID: pointerx.Ptr("user"),
+ },
+ { // indirect relation, greater than max depth
+ Namespace: "test",
+ Object: "object",
+ Relation: "access",
+ SubjectID: pointerx.Ptr("user"),
+ },
+ { // non-existent namespace
+ Namespace: "test2",
+ Object: "object",
+ Relation: "admin",
+ SubjectID: pointerx.Ptr("user"),
+ },
+ { // unknown subject
+ Namespace: "test",
+ Object: "object",
+ Relation: "admin",
+ SubjectID: pointerx.Ptr("user2"),
+ },
+ { // relation via subject set
+ Namespace: "test",
+ Object: "object",
+ Relation: "access",
+ SubjectSet: &ketoapi.SubjectSet{
+ Namespace: "test",
+ Object: "object",
+ Relation: "owner",
+ },
+ },
+ }
+
+ // Batch check with low max depth
+ results, err := e.BatchCheck(ctx, targetTuples, 2)
+ require.NoError(t, err)
+
+ require.Equal(t, checkgroup.IsMember, results[0].Membership)
+ require.NoError(t, results[0].Err)
+ require.Equal(t, checkgroup.IsMember, results[1].Membership)
+ require.NoError(t, results[1].Err)
+ require.Equal(t, checkgroup.NotMember, results[2].Membership)
+ require.NoError(t, results[2].Err)
+ require.Equal(t, checkgroup.MembershipUnknown, results[3].Membership)
+ require.EqualError(t, results[3].Err, herodot.ErrNotFound.Error())
+ require.Equal(t, checkgroup.NotMember, results[4].Membership)
+ require.NoError(t, results[4].Err)
+ require.Equal(t, checkgroup.IsMember, results[5].Membership)
+ require.NoError(t, results[5].Err)
+
+ // Check with higher max depth and verify the third tuple is now shown as a member
+ results, err = e.BatchCheck(ctx, targetTuples, 3)
+ require.NoError(t, err)
+ require.Equal(t, checkgroup.IsMember, results[2].Membership)
+ })
}
diff --git a/internal/check/handler.go b/internal/check/handler.go
index 3034c4293..a610b6a97 100644
--- a/internal/check/handler.go
+++ b/internal/check/handler.go
@@ -10,17 +10,21 @@ import (
"net/http"
"net/url"
- "github.com/pkg/errors"
-
- "github.com/ory/herodot"
+ "github.com/julienschmidt/httprouter"
- "github.com/ory/keto/ketoapi"
+ "github.com/pkg/errors"
- "github.com/julienschmidt/httprouter"
"google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+
+ "github.com/ory/herodot"
+ "github.com/ory/keto/internal/check/checkgroup"
+ "github.com/ory/keto/internal/driver/config"
"github.com/ory/keto/internal/relationtuple"
"github.com/ory/keto/internal/x"
+ "github.com/ory/keto/ketoapi"
rts "github.com/ory/keto/proto/ory/keto/relation_tuples/v1alpha2"
)
@@ -31,6 +35,7 @@ type (
relationtuple.MapperProvider
x.LoggerProvider
x.WriterProvider
+ config.Provider // TODO does this need to be instantiated?
}
Handler struct {
d handlerDependencies
@@ -49,6 +54,7 @@ func NewHandler(d handlerDependencies) *Handler {
const (
RouteBase = "/relation-tuples/check"
OpenAPIRouteBase = RouteBase + "/openapi"
+ BatchRoute = "/relation-tuples/batch/check"
)
func (h *Handler) RegisterReadRoutes(r *x.ReadRouter) {
@@ -56,6 +62,7 @@ func (h *Handler) RegisterReadRoutes(r *x.ReadRouter) {
r.GET(OpenAPIRouteBase, h.getCheckNoStatus)
r.POST(RouteBase, h.postCheckMirrorStatus)
r.POST(OpenAPIRouteBase, h.postCheckNoStatus)
+ r.POST(BatchRoute, h.batchCheck)
}
func (h *Handler) RegisterReadGRPC(s *grpc.Server) {
@@ -74,6 +81,20 @@ type CheckPermissionResult struct {
Allowed bool `json:"allowed"`
}
+// Check Permission Result With Error
+//
+// swagger:model checkPermissionResultWithError
+type CheckPermissionResultWithError struct {
+ // whether the relation tuple is allowed
+ //
+ // required: true
+ Allowed bool `json:"allowed"`
+ // any error generated while checking the relation tuple
+ //
+ // required: false
+ Error string `json:"error,omitempty"`
+}
+
// Check Permission Request Parameters
//
// swagger:parameters checkPermission
@@ -329,3 +350,134 @@ func (h *Handler) Check(ctx context.Context, req *rts.CheckRequest) (*rts.CheckR
Snaptoken: "not yet implemented",
}, nil
}
+
+// Batch Check Permission Request Parameters
+//
+// swagger:parameters batchCheckPermission
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
+type batchCheckPermission struct {
+ // in: query
+ MaxDepth int `json:"max-depth"`
+
+ // in: body
+ Body batchCheckPermissionBody
+}
+
+// Batch Check Permission Body
+//
+// swagger:model batchCheckPermissionBody
+//
+//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
+type batchCheckPermissionBody struct {
+ Tuples []*ketoapi.RelationTuple `json:"tuples"`
+}
+
+// Batch Check Permission Result
+//
+// swagger:model batchCheckPermissionResult
+type BatchCheckPermissionResult struct {
+ // An array of check results. The order aligns with the input order.
+ //
+ // required: true
+ Results []*CheckPermissionResultWithError `json:"results"`
+}
+
+// swagger:route POST /relation-tuples/batch/check permission batchCheckPermission
+//
+// # Batch check permissions
+//
+// To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).
+//
+// Consumes:
+// - application/json
+//
+// Produces:
+// - application/json
+//
+// Schemes: http, https
+//
+// Responses:
+// 200: batchCheckPermissionResult
+// 400: errorGeneric
+// default: errorGeneric
+func (h *Handler) batchCheck(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+ results, err := h.doBatchCheck(r.Context(), r.Body, r.URL.Query())
+ if err != nil {
+ h.d.Writer().WriteError(w, r, err)
+ return
+ }
+
+ h.d.Writer().Write(w, r, &BatchCheckPermissionResult{Results: results})
+}
+
+// doBatchCheck is the HTTP entry point for checking batches of tuples
+func (h *Handler) doBatchCheck(ctx context.Context, body io.Reader, query url.Values) ([]*CheckPermissionResultWithError, error) {
+ maxDepth, err := x.GetMaxDepthFromQuery(query)
+ if err != nil {
+ return nil, err
+ }
+ var request batchCheckPermissionBody
+ if err := json.NewDecoder(body).Decode(&request); err != nil {
+ return nil, errors.WithStack(herodot.ErrBadRequest.WithErrorf("could not unmarshal json: %s", err.Error()))
+ }
+
+ if len(request.Tuples) > h.d.Config(ctx).BatchCheckMaxBatchSize() {
+ return nil, herodot.ErrBadRequest.WithErrorf("batch exceeds max size of %v",
+ h.d.Config(ctx).BatchCheckMaxBatchSize())
+ }
+
+ results, err := h.d.PermissionEngine().BatchCheck(ctx, request.Tuples, maxDepth)
+ if err != nil {
+ return nil, err
+ }
+
+ responses := make([]*CheckPermissionResultWithError, len(request.Tuples))
+ for i, result := range results {
+ errMsg := ""
+ if result.Err != nil {
+ errMsg = result.Err.Error()
+ }
+ responses[i] = &CheckPermissionResultWithError{
+ Allowed: result.Membership == checkgroup.IsMember,
+ Error: errMsg,
+ }
+ }
+
+ return responses, nil
+}
+
+// BatchCheck is the gRPC entry point for checking batches of tuples
+func (h *Handler) BatchCheck(ctx context.Context, req *rts.BatchCheckRequest) (*rts.BatchCheckResponse, error) {
+ if len(req.Tuples) > h.d.Config(ctx).BatchCheckMaxBatchSize() {
+ return nil, status.Errorf(codes.InvalidArgument,
+ "batch exceeds max size of %v", h.d.Config(ctx).BatchCheckMaxBatchSize())
+ }
+
+ ketoTuples := make([]*ketoapi.RelationTuple, len(req.Tuples))
+ for i, tuple := range req.Tuples {
+ ketoTuples[i] = (&ketoapi.RelationTuple{}).FromProto(tuple)
+ }
+
+ results, err := h.d.PermissionEngine().BatchCheck(ctx, ketoTuples, int(req.MaxDepth))
+ if err != nil {
+ return nil, err
+ }
+
+ responses := make([]*rts.CheckResponseWithError, len(results))
+ for i, result := range results {
+ errMsg := ""
+ if result.Err != nil {
+ errMsg = result.Err.Error()
+ }
+ responses[i] = &rts.CheckResponseWithError{
+ Allowed: result.Membership == checkgroup.IsMember,
+ Error: errMsg,
+ Snaptoken: "not yet implemented",
+ }
+ }
+
+ return &rts.BatchCheckResponse{
+ Results: responses,
+ }, nil
+}
diff --git a/internal/check/handler_test.go b/internal/check/handler_test.go
index 31c119159..fe927b47a 100644
--- a/internal/check/handler_test.go
+++ b/internal/check/handler_test.go
@@ -4,29 +4,40 @@
package check_test
import (
+ "bytes"
"context"
+ "encoding/json"
+ "fmt"
"io"
+ "net"
"net/http"
"net/http/httptest"
"net/url"
+ "strings"
"testing"
- "github.com/ory/x/pointerx"
-
- "github.com/ory/keto/ketoapi"
-
- "github.com/ory/keto/internal/driver/config"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/credentials/insecure"
+ "google.golang.org/grpc/status"
+ "google.golang.org/grpc/test/bufconn"
"github.com/julienschmidt/httprouter"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/tidwall/gjson"
+ "github.com/ory/x/pointerx"
+
"github.com/ory/keto/internal/check"
"github.com/ory/keto/internal/driver"
+ "github.com/ory/keto/internal/driver/config"
+ client "github.com/ory/keto/internal/httpclient"
"github.com/ory/keto/internal/namespace"
"github.com/ory/keto/internal/relationtuple"
"github.com/ory/keto/internal/x"
+ "github.com/ory/keto/ketoapi"
+ rts "github.com/ory/keto/proto/ory/keto/relation_tuples/v1alpha2"
)
func assertAllowed(t *testing.T, resp *http.Response) {
@@ -59,7 +70,7 @@ func openAPIAssertDenied(t *testing.T, resp *http.Response) {
assert.False(t, gjson.GetBytes(body, "allowed").Bool())
}
-func TestRESTHandler(t *testing.T) {
+func TestCheckRESTHandler(t *testing.T) {
nspaces := []*namespace.Namespace{{
Name: "check handler",
}}
@@ -156,3 +167,248 @@ func TestRESTHandler(t *testing.T) {
})
}
}
+
+func TestBatchCheckRESTHandler(t *testing.T) {
+ nspaces := []*namespace.Namespace{{
+ Name: "batch-check-handler",
+ }}
+
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+ reg := driver.NewSqliteTestRegistry(t, false)
+ require.NoError(t, reg.Config(ctx).Set(config.KeyNamespaces, nspaces))
+ h := check.NewHandler(reg)
+ r := httprouter.New()
+ h.RegisterReadRoutes(&x.ReadRouter{Router: r})
+ ts := httptest.NewServer(r)
+ defer ts.Close()
+
+ t.Run("case=returns bad request on non-int max depth", func(t *testing.T) {
+ resp, err := ts.Client().Post(ts.URL+check.BatchRoute+"?max-depth=foo",
+ "application/json", nil)
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+ body, err := io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ assert.Contains(t, string(body), "invalid syntax")
+ })
+
+ t.Run("case=returns bad request on invalid request body", func(t *testing.T) {
+ resp, err := ts.Client().Post(buildBatchURL(ts.URL, "5"),
+ "application/json", strings.NewReader("not-json"))
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+ body, err := io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ assert.Contains(t, string(body), "could not unmarshal json")
+ })
+
+ t.Run("case=returns bad request with too many tuples", func(t *testing.T) {
+ tuples := make([]client.Relationship, 11)
+ for i := 0; i < len(tuples); i++ {
+ tuples[i] = client.Relationship{
+ Namespace: "n",
+ Object: "o",
+ Relation: "r",
+ SubjectId: pointerx.Ptr("s"),
+ }
+ }
+ reqBody := client.BatchCheckPermissionBody{Tuples: tuples}
+ bodyBytes, err := json.Marshal(reqBody)
+ require.NoError(t, err)
+
+ resp, err := ts.Client().Post(buildBatchURL(ts.URL, "5"),
+ "application/json", bytes.NewReader(bodyBytes))
+ require.NoError(t, err)
+
+ assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+ body, err := io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ assert.Contains(t, string(body), "batch exceeds max size of 10")
+ })
+
+ t.Run("case=check tuples", func(t *testing.T) {
+ rt := &ketoapi.RelationTuple{
+ Namespace: nspaces[0].Name,
+ Object: "o",
+ Relation: "r",
+ SubjectID: pointerx.Ptr("s"),
+ }
+ relationtuple.MapAndWriteTuples(t, reg, rt)
+
+ reqBody := client.BatchCheckPermissionBody{Tuples: []client.Relationship{
+ { // Allowed
+ Namespace: nspaces[0].Name,
+ Object: "o",
+ Relation: "r",
+ SubjectId: pointerx.Ptr("s"),
+ },
+ { // Not-allowed
+ Namespace: nspaces[0].Name,
+ Object: "o2",
+ Relation: "r",
+ SubjectId: pointerx.Ptr("s"),
+ },
+ { // Unknown namespace
+ Namespace: "n2",
+ Object: "o",
+ Relation: "r",
+ SubjectId: pointerx.Ptr("s"),
+ },
+ }}
+ bodyBytes, err := json.Marshal(reqBody)
+ require.NoError(t, err)
+
+ resp, err := ts.Client().Post(buildBatchURL(ts.URL, "5"),
+ "application/json", bytes.NewReader(bodyBytes))
+ require.NoError(t, err)
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+ body, err := io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ var respBody client.BatchCheckPermissionResult
+ require.NoError(t, json.Unmarshal(body, &respBody))
+ require.Equal(t, respBody, client.BatchCheckPermissionResult{
+ Results: []client.CheckPermissionResultWithError{
+ {
+ Allowed: true,
+ Error: nil,
+ },
+ {
+ Allowed: false,
+ Error: nil,
+ },
+ {
+ Allowed: false,
+ Error: pointerx.Ptr("The requested resource could not be found"),
+ },
+ },
+ })
+
+ // Check again with the default parallelization factor
+ resp, err = ts.Client().Post(fmt.Sprintf("%s%s?max-depth=%v", ts.URL, check.BatchRoute, 5),
+ "application/json", bytes.NewReader(bodyBytes))
+ require.NoError(t, err)
+ assert.Equal(t, http.StatusOK, resp.StatusCode)
+ body, err = io.ReadAll(resp.Body)
+ require.NoError(t, err)
+ var defaultParallelizationRespBody client.BatchCheckPermissionResult
+ require.NoError(t, json.Unmarshal(body, &defaultParallelizationRespBody))
+ require.Equal(t, respBody, defaultParallelizationRespBody)
+ })
+}
+
+func buildBatchURL(baseURL, maxDepth string) string {
+ return fmt.Sprintf("%s%s?max-depth=%s",
+ baseURL, check.BatchRoute, maxDepth)
+}
+
+func TestBatchCheckGRPCHandler(t *testing.T) {
+ ctx := context.Background()
+
+ reg := driver.NewSqliteTestRegistry(t, false)
+ h := check.NewHandler(reg)
+
+ l := bufconn.Listen(1024 * 1024)
+ s := grpc.NewServer()
+ h.RegisterReadGRPC(s)
+ go func() {
+ if err := s.Serve(l); err != nil {
+ t.Logf("Server exited with error: %v", err)
+ }
+ }()
+ t.Cleanup(s.Stop)
+
+ conn, err := grpc.Dial("bufnet",
+ grpc.WithTransportCredentials(insecure.NewCredentials()),
+ grpc.WithContextDialer(func(context.Context, string) (net.Conn, error) { return l.Dial() }),
+ )
+ require.NoError(t, err)
+ t.Cleanup(func() { conn.Close() })
+
+ nspaces := []*namespace.Namespace{{
+ Name: "batch-check-grpc",
+ }}
+ require.NoError(t, reg.Config(ctx).Set(config.KeyNamespaces, nspaces))
+
+ checkClient := rts.NewCheckServiceClient(conn)
+
+ t.Run("case=returns bad request when batch too large", func(t *testing.T) {
+ tuples := make([]*rts.RelationTuple, 11)
+ for i := 0; i < len(tuples); i++ {
+ tuples[i] = &rts.RelationTuple{
+ Namespace: "n",
+ Object: "o",
+ Relation: "r",
+ Subject: &rts.Subject{
+ Ref: &rts.Subject_Id{
+ Id: "s",
+ },
+ },
+ }
+ }
+ _, err := checkClient.BatchCheck(ctx, &rts.BatchCheckRequest{
+ Tuples: tuples,
+ MaxDepth: 5,
+ })
+ statusErr, ok := status.FromError(err)
+ require.True(t, ok)
+ require.Equal(t, codes.InvalidArgument, statusErr.Code())
+ require.Equal(t, "batch exceeds max size of 10", statusErr.Message())
+ })
+
+ t.Run("case=batch check", func(t *testing.T) {
+ rt := &ketoapi.RelationTuple{
+ Namespace: nspaces[0].Name,
+ Object: "o",
+ Relation: "r",
+ SubjectID: pointerx.Ptr("s"),
+ }
+ relationtuple.MapAndWriteTuples(t, reg, rt)
+
+ resp, err := checkClient.BatchCheck(ctx, &rts.BatchCheckRequest{
+ Tuples: []*rts.RelationTuple{
+ { // Allowed
+ Namespace: nspaces[0].Name,
+ Object: "o",
+ Relation: "r",
+ Subject: &rts.Subject{
+ Ref: &rts.Subject_Id{
+ Id: "s",
+ },
+ },
+ },
+ { // Unknown namespace
+ Namespace: "n2",
+ Object: "o",
+ Relation: "r",
+ Subject: &rts.Subject{
+ Ref: &rts.Subject_Id{
+ Id: "s",
+ },
+ },
+ },
+ { // Not allowed
+ Namespace: nspaces[0].Name,
+ Object: "o2",
+ Relation: "r",
+ Subject: &rts.Subject{
+ Ref: &rts.Subject_Id{
+ Id: "s",
+ },
+ },
+ },
+ },
+ MaxDepth: 5,
+ })
+ require.NoError(t, err)
+ require.Len(t, resp.Results, 3)
+ require.True(t, resp.Results[0].Allowed)
+ require.Empty(t, resp.Results[0].Error)
+ require.False(t, resp.Results[1].Allowed)
+ require.Equal(t, resp.Results[1].Error, "The requested resource could not be found")
+ require.False(t, resp.Results[2].Allowed)
+ require.Empty(t, resp.Results[2].Error)
+ })
+}
diff --git a/internal/driver/config/provider.go b/internal/driver/config/provider.go
index f32aae858..f9e1ca73a 100644
--- a/internal/driver/config/provider.go
+++ b/internal/driver/config/provider.go
@@ -40,6 +40,9 @@ const (
KeyLimitMaxReadDepth = "limit.max_read_depth"
KeyLimitMaxReadWidth = "limit.max_read_width"
+ KeyBatchCheckMaxBatchSize = "limit.max_batch_check_size"
+ KeyBatchCheckParallelizationLimit = "limit.batch_check_max_parallelization"
+
KeyReadAPIHost = "serve." + string(EndpointRead) + ".host"
KeyReadAPIPort = "serve." + string(EndpointRead) + ".port"
KeyWriteAPIHost = "serve." + string(EndpointWrite) + ".host"
@@ -184,6 +187,14 @@ func (k *Config) MaxReadWidth() int {
return k.p.Int(KeyLimitMaxReadWidth)
}
+func (k *Config) BatchCheckMaxBatchSize() int {
+ return k.p.Int(KeyBatchCheckMaxBatchSize)
+}
+
+func (k *Config) BatchCheckParallelizationLimit() int {
+ return k.p.Int(KeyBatchCheckParallelizationLimit)
+}
+
func (k *Config) CORS(iface string) (cors.Options, bool) {
switch iface {
case "read", "write", "metrics":
diff --git a/internal/e2e/cli_client_test.go b/internal/e2e/cli_client_test.go
index 9cf0301ef..28a908413 100644
--- a/internal/e2e/cli_client_test.go
+++ b/internal/e2e/cli_client_test.go
@@ -116,6 +116,19 @@ func (g *cliClient) check(t require.TestingT, r *ketoapi.RelationTuple) bool {
return res.Allowed
}
+func (g *cliClient) batchCheckErr(t require.TestingT, requestTuples []*ketoapi.RelationTuple,
+ expected herodot.DefaultError) {
+ if t, ok := t.(*testing.T); ok {
+ t.Skip("not implemented for the CLI")
+ }
+}
+func (g *cliClient) batchCheck(t require.TestingT, requestTuples []*ketoapi.RelationTuple) []checkResponse {
+ if t, ok := t.(*testing.T); ok {
+ t.Skip("not implemented for the CLI")
+ }
+ return nil
+}
+
func (g *cliClient) expand(t require.TestingT, r *ketoapi.SubjectSet, depth int) *ketoapi.Tree[*ketoapi.RelationTuple] {
out := g.c.ExecNoErr(t, "expand", r.Relation, r.Namespace, r.Object, "--"+cliexpand.FlagMaxDepth, fmt.Sprintf("%d", depth), "--"+cmdx.FlagFormat, string(cmdx.FormatJSON))
res := ketoapi.Tree[*ketoapi.RelationTuple]{}
diff --git a/internal/e2e/full_suit_test.go b/internal/e2e/full_suit_test.go
index d40bb04c0..e00b34387 100644
--- a/internal/e2e/full_suit_test.go
+++ b/internal/e2e/full_suit_test.go
@@ -37,6 +37,8 @@ type (
queryTuple(t require.TestingT, q *ketoapi.RelationQuery, opts ...x.PaginationOptionSetter) *ketoapi.GetResponse
queryTupleErr(t require.TestingT, expected herodot.DefaultError, q *ketoapi.RelationQuery, opts ...x.PaginationOptionSetter)
check(t require.TestingT, r *ketoapi.RelationTuple) bool
+ batchCheck(t require.TestingT, r []*ketoapi.RelationTuple) []checkResponse
+ batchCheckErr(t require.TestingT, requestTuples []*ketoapi.RelationTuple, expected herodot.DefaultError)
expand(t require.TestingT, r *ketoapi.SubjectSet, depth int) *ketoapi.Tree[*ketoapi.RelationTuple]
oplCheckSyntax(t require.TestingT, content []byte) []*ketoapi.ParseError
waitUntilLive(t require.TestingT)
diff --git a/internal/e2e/grpc_client_test.go b/internal/e2e/grpc_client_test.go
index 1244dfad0..885d3f262 100644
--- a/internal/e2e/grpc_client_test.go
+++ b/internal/e2e/grpc_client_test.go
@@ -150,6 +150,63 @@ func (g *grpcClient) check(t require.TestingT, r *ketoapi.RelationTuple) bool {
return resp.Allowed
}
+type checkResponse struct {
+ allowed bool
+ errorMessage string
+}
+
+func (g *grpcClient) batchCheckErr(t require.TestingT, requestTuples []*ketoapi.RelationTuple,
+ expected herodot.DefaultError) {
+
+ _, err := g.doBatchCheck(t, requestTuples)
+ require.Error(t, err)
+ s, ok := status.FromError(err)
+ require.True(t, ok)
+ assert.Equal(t, expected.GRPCCodeField, s.Code(), "%+v", err)
+ assert.Contains(t, s.Message(), expected.Reason())
+}
+
+func (g *grpcClient) batchCheck(t require.TestingT, requestTuples []*ketoapi.RelationTuple) []checkResponse {
+ resp, err := g.doBatchCheck(t, requestTuples)
+ require.NoError(t, err)
+
+ checkResponses := make([]checkResponse, len(resp.Results))
+ for i, r := range resp.Results {
+ checkResponses[i] = checkResponse{
+ allowed: r.Allowed,
+ errorMessage: r.Error,
+ }
+ }
+
+ return checkResponses
+}
+
+func (g *grpcClient) doBatchCheck(t require.TestingT, requestTuples []*ketoapi.RelationTuple) (*rts.BatchCheckResponse, error) {
+
+ c := rts.NewCheckServiceClient(g.readConn(t))
+
+ tuples := make([]*rts.RelationTuple, len(requestTuples))
+ for i, tuple := range requestTuples {
+ var subject *rts.Subject
+ if tuple.SubjectID != nil {
+ subject = rts.NewSubjectID(*tuple.SubjectID)
+ } else {
+ subject = rts.NewSubjectSet(tuple.SubjectSet.Namespace, tuple.SubjectSet.Object, tuple.SubjectSet.Relation)
+ }
+ tuples[i] = &rts.RelationTuple{
+ Namespace: tuple.Namespace,
+ Object: tuple.Object,
+ Relation: tuple.Relation,
+ Subject: subject,
+ }
+ }
+
+ req := &rts.BatchCheckRequest{
+ Tuples: tuples,
+ }
+ return c.BatchCheck(g.ctx, req)
+}
+
func (g *grpcClient) expand(t require.TestingT, r *ketoapi.SubjectSet, depth int) *ketoapi.Tree[*ketoapi.RelationTuple] {
c := rts.NewExpandServiceClient(g.readConn(t))
diff --git a/internal/e2e/rest_client_test.go b/internal/e2e/rest_client_test.go
index 9dcaa3510..7e3ff92e1 100644
--- a/internal/e2e/rest_client_test.go
+++ b/internal/e2e/rest_client_test.go
@@ -12,6 +12,7 @@ import (
"strconv"
"time"
+ client2 "github.com/ory/keto/internal/httpclient"
"github.com/ory/keto/internal/schema"
"github.com/ory/keto/ketoapi"
@@ -155,6 +156,41 @@ func (rc *restClient) check(t require.TestingT, r *ketoapi.RelationTuple) bool {
return false
}
+func (rc *restClient) batchCheckErr(t require.TestingT, requestTuples []*ketoapi.RelationTuple,
+ expected herodot.DefaultError) {
+
+ req := client2.BatchCheckPermissionBody{
+ Tuples: tuplesToRelationships(requestTuples),
+ }
+ j, err := json.Marshal(req)
+ require.NoError(t, err)
+ body, code := rc.makeRequest(t, http.MethodPost, check.BatchRoute, string(j), rc.readURL)
+ assert.Equal(t, expected.CodeField, code)
+ assert.Contains(t, body, expected.Reason())
+}
+
+func (rc *restClient) batchCheck(t require.TestingT, requestTuples []*ketoapi.RelationTuple) []checkResponse {
+ req := client2.BatchCheckPermissionBody{
+ Tuples: tuplesToRelationships(requestTuples),
+ }
+ j, err := json.Marshal(req)
+ require.NoError(t, err)
+ body, code := rc.makeRequest(t, http.MethodPost, check.BatchRoute, string(j), rc.readURL)
+ require.Equal(t, http.StatusOK, code, "batch check failed unexpected with error code %d", code)
+
+ var respPost check.BatchCheckPermissionResult
+ require.NoError(t, json.Unmarshal([]byte(body), &respPost))
+
+ responseChecks := make([]checkResponse, len(respPost.Results))
+ for i, result := range respPost.Results {
+ responseChecks[i] = checkResponse{
+ allowed: result.Allowed,
+ errorMessage: result.Error,
+ }
+ }
+ return responseChecks
+}
+
func (rc *restClient) expand(t require.TestingT, r *ketoapi.SubjectSet, depth int) *ketoapi.Tree[*ketoapi.RelationTuple] {
query := r.ToURLQuery()
query.Set("max-depth", fmt.Sprintf("%d", depth))
diff --git a/internal/e2e/sdk_client_test.go b/internal/e2e/sdk_client_test.go
index dc77ccc49..21da87cb6 100644
--- a/internal/e2e/sdk_client_test.go
+++ b/internal/e2e/sdk_client_test.go
@@ -240,6 +240,68 @@ func (c *sdkClient) check(t require.TestingT, r *ketoapi.RelationTuple) bool {
return resp.GetAllowed()
}
+func (c *sdkClient) batchCheckErr(t require.TestingT, requestTuples []*ketoapi.RelationTuple, expected herodot.DefaultError) {
+
+ request := c.getReadClient().PermissionApi.BatchCheckPermission(c.requestCtx()).
+ BatchCheckPermissionBody(httpclient.BatchCheckPermissionBody{
+ Tuples: tuplesToRelationships(requestTuples),
+ })
+
+ _, _, err := request.Execute()
+ switch typedErr := err.(type) {
+ case nil:
+ require.FailNow(t, "expected error but got nil")
+ case *httpclient.GenericOpenAPIError:
+ assert.Contains(t, typedErr.Error(), expected.Reason())
+ default:
+ require.FailNow(t, "got unknown error %+v\nexpected %+v", err, expected)
+ }
+}
+
+func (c *sdkClient) batchCheck(t require.TestingT, requestTuples []*ketoapi.RelationTuple) []checkResponse {
+ request := c.getReadClient().PermissionApi.BatchCheckPermission(c.requestCtx()).
+ BatchCheckPermissionBody(httpclient.BatchCheckPermissionBody{
+ Tuples: tuplesToRelationships(requestTuples),
+ })
+
+ resp, _, err := request.Execute()
+ require.NoError(t, err)
+
+ responses := make([]checkResponse, len(resp.Results))
+ for i, result := range resp.Results {
+ errMsg := ""
+ if result.Error != nil {
+ errMsg = *result.Error
+ }
+ responses[i] = checkResponse{
+ allowed: result.Allowed,
+ errorMessage: errMsg,
+ }
+ }
+ return responses
+}
+
+func tuplesToRelationships(tuples []*ketoapi.RelationTuple) []httpclient.Relationship {
+ relationships := make([]httpclient.Relationship, len(tuples))
+ for i, requestTuple := range tuples {
+ relationship := httpclient.Relationship{
+ Namespace: requestTuple.Namespace,
+ Object: requestTuple.Object,
+ Relation: requestTuple.Relation,
+ SubjectId: requestTuple.SubjectID,
+ }
+ if requestTuple.SubjectSet != nil {
+ relationship.SubjectSet = &httpclient.SubjectSet{
+ Namespace: requestTuple.SubjectSet.Namespace,
+ Object: requestTuple.SubjectSet.Object,
+ Relation: requestTuple.SubjectSet.Relation,
+ }
+ }
+ relationships[i] = relationship
+ }
+ return relationships
+}
+
func buildTree(t require.TestingT, mt *httpclient.ExpandedPermissionTree) *ketoapi.Tree[*ketoapi.RelationTuple] {
result := &ketoapi.Tree[*ketoapi.RelationTuple]{
Type: ketoapi.TreeNodeType(mt.Type),
diff --git a/internal/e2e/testcases_test.go b/internal/e2e/testcases_test.go
index da964ce55..a75d1c842 100644
--- a/internal/e2e/testcases_test.go
+++ b/internal/e2e/testcases_test.go
@@ -63,6 +63,10 @@ func runCases(c client, m *namespaceTestManager) func(*testing.T) {
// try the check API to see whether the tuple is interpreted correctly
assert.True(t, c.check(t, tuple))
+ batchResult := c.batchCheck(t, []*ketoapi.RelationTuple{tuple})
+ require.Len(t, batchResult, 1)
+ assert.True(t, batchResult[0].allowed)
+ assert.Empty(t, batchResult[0].errorMessage)
})
t.Run("case=creates tuple with empty IDs", func(t *testing.T) {
@@ -89,6 +93,10 @@ func runCases(c client, m *namespaceTestManager) func(*testing.T) {
c.createTuple(t, tp)
// try the check API to see whether the tuple is interpreted correctly
assert.True(t, c.check(t, tp))
+ batchResult := c.batchCheck(t, []*ketoapi.RelationTuple{tp})
+ require.Len(t, batchResult, 1)
+ assert.True(t, batchResult[0].allowed)
+ assert.Empty(t, batchResult[0].errorMessage)
}
resp := c.queryTuple(t, &ketoapi.RelationQuery{Namespace: &n.Name})
@@ -115,6 +123,93 @@ func runCases(c client, m *namespaceTestManager) func(*testing.T) {
c.createTuple(t, rt)
assert.True(t, c.check(t, rt))
+ batchResult := c.batchCheck(t, []*ketoapi.RelationTuple{rt})
+ require.Len(t, batchResult, 1)
+ assert.True(t, batchResult[0].allowed)
+ assert.Empty(t, batchResult[0].errorMessage)
+ })
+
+ t.Run("case=batch check", func(t *testing.T) {
+ /*
+ Test batch check with four cases:
+ - Allowed single subject tuple
+ - Allowed subject set tuple
+ - Tuple with unknown namespace (will return an error for this case)
+ - Dis-allowed tuple
+ */
+ namespace1 := &namespace.Namespace{Name: t.Name()}
+ namespace2 := &namespace.Namespace{Name: t.Name() + "-2"}
+ m.add(t, namespace1)
+ m.add(t, namespace2)
+
+ obj1 := fmt.Sprintf("obj for client %T", c)
+ obj2 := fmt.Sprintf("another obj for client %T", c)
+ rel1 := "check"
+ rel2 := "access"
+
+ tupleSubjectSet := &ketoapi.RelationTuple{
+ Namespace: namespace1.Name,
+ Object: obj1,
+ Relation: rel1,
+ SubjectSet: &ketoapi.SubjectSet{
+ Namespace: namespace1.Name,
+ Object: obj1,
+ Relation: rel1,
+ },
+ }
+ c.createTuple(t, tupleSubjectSet)
+
+ tupleSingleSubject := &ketoapi.RelationTuple{
+ Namespace: namespace2.Name,
+ Object: obj2,
+ Relation: rel2,
+ SubjectID: pointerx.Ptr("sub1"),
+ }
+ c.createTuple(t, tupleSingleSubject)
+
+ unknownNamespaceTuple := &ketoapi.RelationTuple{
+ Namespace: "unknown-namespace",
+ Object: obj1,
+ Relation: rel1,
+ SubjectID: pointerx.Ptr("sub1"),
+ }
+
+ unknownSubjectTuple := &ketoapi.RelationTuple{
+ Namespace: namespace1.Name,
+ Object: obj1,
+ Relation: rel1,
+ SubjectID: pointerx.Ptr("unknown-sub"),
+ }
+
+ batchResult := c.batchCheck(t, []*ketoapi.RelationTuple{tupleSubjectSet, tupleSingleSubject,
+ unknownNamespaceTuple, unknownSubjectTuple})
+ require.Len(t, batchResult, 4)
+ assert.True(t, batchResult[0].allowed)
+ assert.Empty(t, batchResult[0].errorMessage)
+ assert.True(t, batchResult[1].allowed)
+ assert.Empty(t, batchResult[1].errorMessage)
+ assert.False(t, batchResult[2].allowed)
+ assert.Contains(t, batchResult[2].errorMessage, "The requested resource could not be found")
+ assert.False(t, batchResult[3].allowed)
+ assert.Empty(t, batchResult[3].errorMessage)
+
+ // Verify a call with no tuples returns successfully with no results
+ emptyResults := c.batchCheck(t, []*ketoapi.RelationTuple{})
+ require.Empty(t, emptyResults)
+ })
+
+ t.Run("case=batch check validation errors", func(t *testing.T) {
+ // Pass in 11 tuples to check, more than the default limit of 10, and verify the request is rejected
+ tuples := make([]*ketoapi.RelationTuple, 11)
+ for i := range tuples {
+ tuples[i] = &ketoapi.RelationTuple{
+ Namespace: "namespace-name",
+ Object: "obj",
+ Relation: "rel",
+ SubjectID: pointerx.Ptr("sub"),
+ }
+ }
+ c.batchCheckErr(t, tuples, herodot.ErrBadRequest)
})
t.Run("case=expand API", func(t *testing.T) {
diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES
index 31986fb3c..73bfe2d04 100644
--- a/internal/httpclient/.openapi-generator/FILES
+++ b/internal/httpclient/.openapi-generator/FILES
@@ -8,8 +8,11 @@ api_permission.go
api_relationship.go
client.go
configuration.go
+docs/BatchCheckPermissionBody.md
+docs/BatchCheckPermissionResult.md
docs/CheckOplSyntaxResult.md
docs/CheckPermissionResult.md
+docs/CheckPermissionResultWithError.md
docs/CreateRelationshipBody.md
docs/ErrorGeneric.md
docs/ExpandedPermissionTree.md
@@ -37,8 +40,11 @@ docs/Version.md
git_push.sh
go.mod
go.sum
+model_batch_check_permission_body.go
+model_batch_check_permission_result.go
model_check_opl_syntax_result.go
model_check_permission_result.go
+model_check_permission_result_with_error.go
model_create_relationship_body.go
model_error_generic.go
model_expanded_permission_tree.go
diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md
index e0f787f11..322a9e064 100644
--- a/internal/httpclient/README.md
+++ b/internal/httpclient/README.md
@@ -82,6 +82,7 @@ Class | Method | HTTP request | Description
*MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version.
*MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status
*MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status
+*PermissionApi* | [**BatchCheckPermission**](docs/PermissionApi.md#batchcheckpermission) | **Post** /relation-tuples/batch/check | Batch check permissions
*PermissionApi* | [**CheckPermission**](docs/PermissionApi.md#checkpermission) | **Get** /relation-tuples/check/openapi | Check a permission
*PermissionApi* | [**CheckPermissionOrError**](docs/PermissionApi.md#checkpermissionorerror) | **Get** /relation-tuples/check | Check a permission
*PermissionApi* | [**ExpandPermissions**](docs/PermissionApi.md#expandpermissions) | **Get** /relation-tuples/expand | Expand a Relationship into permissions.
@@ -97,8 +98,11 @@ Class | Method | HTTP request | Description
## Documentation For Models
+ - [BatchCheckPermissionBody](docs/BatchCheckPermissionBody.md)
+ - [BatchCheckPermissionResult](docs/BatchCheckPermissionResult.md)
- [CheckOplSyntaxResult](docs/CheckOplSyntaxResult.md)
- [CheckPermissionResult](docs/CheckPermissionResult.md)
+ - [CheckPermissionResultWithError](docs/CheckPermissionResultWithError.md)
- [CreateRelationshipBody](docs/CreateRelationshipBody.md)
- [ErrorGeneric](docs/ErrorGeneric.md)
- [ExpandedPermissionTree](docs/ExpandedPermissionTree.md)
diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml
index 6ef83aa30..db25da3dc 100644
--- a/internal/httpclient/api/openapi.yaml
+++ b/internal/httpclient/api/openapi.yaml
@@ -371,6 +371,48 @@ paths:
summary: Query relationships
tags:
- relationship
+ /relation-tuples/batch/check:
+ post:
+ description: "To learn how relationship tuples and the check works, head over\
+ \ to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview)."
+ operationId: batchCheckPermission
+ parameters:
+ - explode: true
+ in: query
+ name: max-depth
+ required: false
+ schema:
+ format: int64
+ type: integer
+ style: form
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/batchCheckPermissionBody'
+ x-originalParamName: Body
+ responses:
+ "200":
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/batchCheckPermissionResult'
+ description: batchCheckPermissionResult
+ "400":
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/errorGeneric'
+ description: errorGeneric
+ default:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/errorGeneric'
+ description: errorGeneric
+ summary: Batch check permissions
+ tags:
+ - permission
/relation-tuples/check:
get:
description: "To learn how relationship tuples and the check works, head over\
@@ -774,6 +816,32 @@ components:
UUID:
format: uuid4
type: string
+ batchCheckPermissionBody:
+ description: Batch Check Permission Body
+ properties:
+ tuples:
+ items:
+ $ref: '#/components/schemas/relationship'
+ type: array
+ type: object
+ batchCheckPermissionResult:
+ description: Batch Check Permission Result
+ example:
+ results:
+ - allowed: true
+ error: error
+ - allowed: true
+ error: error
+ properties:
+ results:
+ description: An array of check results. The order aligns with the input
+ order.
+ items:
+ $ref: '#/components/schemas/checkPermissionResultWithError'
+ type: array
+ required:
+ - results
+ type: object
checkOplSyntaxBody:
description: Ory Permission Language Document
type: string
@@ -816,6 +884,21 @@ components:
- allowed
title: Check Permission Result
type: object
+ checkPermissionResultWithError:
+ description: Check Permission Result With Error
+ example:
+ allowed: true
+ error: error
+ properties:
+ allowed:
+ description: whether the relation tuple is allowed
+ type: boolean
+ error:
+ description: any error generated while checking the relation tuple
+ type: string
+ required:
+ - allowed
+ type: object
createRelationshipBody:
description: Create Relationship Request Body
properties:
diff --git a/internal/httpclient/api_permission.go b/internal/httpclient/api_permission.go
index 01e664d4a..2a9559eaf 100644
--- a/internal/httpclient/api_permission.go
+++ b/internal/httpclient/api_permission.go
@@ -26,6 +26,20 @@ var (
type PermissionApi interface {
+ /*
+ * BatchCheckPermission Batch check permissions
+ * To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return PermissionApiApiBatchCheckPermissionRequest
+ */
+ BatchCheckPermission(ctx context.Context) PermissionApiApiBatchCheckPermissionRequest
+
+ /*
+ * BatchCheckPermissionExecute executes the request
+ * @return BatchCheckPermissionResult
+ */
+ BatchCheckPermissionExecute(r PermissionApiApiBatchCheckPermissionRequest) (*BatchCheckPermissionResult, *http.Response, error)
+
/*
* CheckPermission Check a permission
* To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).
@@ -100,6 +114,140 @@ type PermissionApi interface {
// PermissionApiService PermissionApi service
type PermissionApiService service
+type PermissionApiApiBatchCheckPermissionRequest struct {
+ ctx context.Context
+ ApiService PermissionApi
+ maxDepth *int64
+ batchCheckPermissionBody *BatchCheckPermissionBody
+}
+
+func (r PermissionApiApiBatchCheckPermissionRequest) MaxDepth(maxDepth int64) PermissionApiApiBatchCheckPermissionRequest {
+ r.maxDepth = &maxDepth
+ return r
+}
+func (r PermissionApiApiBatchCheckPermissionRequest) BatchCheckPermissionBody(batchCheckPermissionBody BatchCheckPermissionBody) PermissionApiApiBatchCheckPermissionRequest {
+ r.batchCheckPermissionBody = &batchCheckPermissionBody
+ return r
+}
+
+func (r PermissionApiApiBatchCheckPermissionRequest) Execute() (*BatchCheckPermissionResult, *http.Response, error) {
+ return r.ApiService.BatchCheckPermissionExecute(r)
+}
+
+/*
+ * BatchCheckPermission Batch check permissions
+ * To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).
+ * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
+ * @return PermissionApiApiBatchCheckPermissionRequest
+ */
+func (a *PermissionApiService) BatchCheckPermission(ctx context.Context) PermissionApiApiBatchCheckPermissionRequest {
+ return PermissionApiApiBatchCheckPermissionRequest{
+ ApiService: a,
+ ctx: ctx,
+ }
+}
+
+/*
+ * Execute executes the request
+ * @return BatchCheckPermissionResult
+ */
+func (a *PermissionApiService) BatchCheckPermissionExecute(r PermissionApiApiBatchCheckPermissionRequest) (*BatchCheckPermissionResult, *http.Response, error) {
+ var (
+ localVarHTTPMethod = http.MethodPost
+ localVarPostBody interface{}
+ localVarFormFileName string
+ localVarFileName string
+ localVarFileBytes []byte
+ localVarReturnValue *BatchCheckPermissionResult
+ )
+
+ localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PermissionApiService.BatchCheckPermission")
+ if err != nil {
+ return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
+ }
+
+ localVarPath := localBasePath + "/relation-tuples/batch/check"
+
+ localVarHeaderParams := make(map[string]string)
+ localVarQueryParams := url.Values{}
+ localVarFormParams := url.Values{}
+
+ if r.maxDepth != nil {
+ localVarQueryParams.Add("max-depth", parameterToString(*r.maxDepth, ""))
+ }
+ // to determine the Content-Type header
+ localVarHTTPContentTypes := []string{"application/json"}
+
+ // set Content-Type header
+ localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
+ if localVarHTTPContentType != "" {
+ localVarHeaderParams["Content-Type"] = localVarHTTPContentType
+ }
+
+ // to determine the Accept header
+ localVarHTTPHeaderAccepts := []string{"application/json"}
+
+ // set Accept header
+ localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
+ if localVarHTTPHeaderAccept != "" {
+ localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
+ }
+ // body params
+ localVarPostBody = r.batchCheckPermissionBody
+ req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
+ if err != nil {
+ return localVarReturnValue, nil, err
+ }
+
+ localVarHTTPResponse, err := a.client.callAPI(req)
+ if err != nil || localVarHTTPResponse == nil {
+ return localVarReturnValue, localVarHTTPResponse, err
+ }
+
+ localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
+ localVarHTTPResponse.Body.Close()
+ localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
+ if err != nil {
+ return localVarReturnValue, localVarHTTPResponse, err
+ }
+
+ if localVarHTTPResponse.StatusCode >= 300 {
+ newErr := &GenericOpenAPIError{
+ body: localVarBody,
+ error: localVarHTTPResponse.Status,
+ }
+ if localVarHTTPResponse.StatusCode == 400 {
+ var v ErrorGeneric
+ err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+ if err != nil {
+ newErr.error = err.Error()
+ return localVarReturnValue, localVarHTTPResponse, newErr
+ }
+ newErr.model = v
+ return localVarReturnValue, localVarHTTPResponse, newErr
+ }
+ var v ErrorGeneric
+ err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+ if err != nil {
+ newErr.error = err.Error()
+ return localVarReturnValue, localVarHTTPResponse, newErr
+ }
+ newErr.model = v
+ return localVarReturnValue, localVarHTTPResponse, newErr
+ }
+
+ err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
+ if err != nil {
+ newErr := &GenericOpenAPIError{
+ body: localVarBody,
+ error: err.Error(),
+ }
+ return localVarReturnValue, localVarHTTPResponse, newErr
+ }
+
+ return localVarReturnValue, localVarHTTPResponse, nil
+}
+
type PermissionApiApiCheckPermissionRequest struct {
ctx context.Context
ApiService PermissionApi
diff --git a/internal/httpclient/docs/BatchCheckPermissionBody.md b/internal/httpclient/docs/BatchCheckPermissionBody.md
new file mode 100644
index 000000000..a91da96d5
--- /dev/null
+++ b/internal/httpclient/docs/BatchCheckPermissionBody.md
@@ -0,0 +1,56 @@
+# BatchCheckPermissionBody
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Tuples** | Pointer to [**[]Relationship**](Relationship.md) | | [optional]
+
+## Methods
+
+### NewBatchCheckPermissionBody
+
+`func NewBatchCheckPermissionBody() *BatchCheckPermissionBody`
+
+NewBatchCheckPermissionBody instantiates a new BatchCheckPermissionBody object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBatchCheckPermissionBodyWithDefaults
+
+`func NewBatchCheckPermissionBodyWithDefaults() *BatchCheckPermissionBody`
+
+NewBatchCheckPermissionBodyWithDefaults instantiates a new BatchCheckPermissionBody object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetTuples
+
+`func (o *BatchCheckPermissionBody) GetTuples() []Relationship`
+
+GetTuples returns the Tuples field if non-nil, zero value otherwise.
+
+### GetTuplesOk
+
+`func (o *BatchCheckPermissionBody) GetTuplesOk() (*[]Relationship, bool)`
+
+GetTuplesOk returns a tuple with the Tuples field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetTuples
+
+`func (o *BatchCheckPermissionBody) SetTuples(v []Relationship)`
+
+SetTuples sets Tuples field to given value.
+
+### HasTuples
+
+`func (o *BatchCheckPermissionBody) HasTuples() bool`
+
+HasTuples returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/BatchCheckPermissionResult.md b/internal/httpclient/docs/BatchCheckPermissionResult.md
new file mode 100644
index 000000000..f11faf175
--- /dev/null
+++ b/internal/httpclient/docs/BatchCheckPermissionResult.md
@@ -0,0 +1,51 @@
+# BatchCheckPermissionResult
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Results** | [**[]CheckPermissionResultWithError**](CheckPermissionResultWithError.md) | An array of check results. The order aligns with the input order. |
+
+## Methods
+
+### NewBatchCheckPermissionResult
+
+`func NewBatchCheckPermissionResult(results []CheckPermissionResultWithError, ) *BatchCheckPermissionResult`
+
+NewBatchCheckPermissionResult instantiates a new BatchCheckPermissionResult object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewBatchCheckPermissionResultWithDefaults
+
+`func NewBatchCheckPermissionResultWithDefaults() *BatchCheckPermissionResult`
+
+NewBatchCheckPermissionResultWithDefaults instantiates a new BatchCheckPermissionResult object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetResults
+
+`func (o *BatchCheckPermissionResult) GetResults() []CheckPermissionResultWithError`
+
+GetResults returns the Results field if non-nil, zero value otherwise.
+
+### GetResultsOk
+
+`func (o *BatchCheckPermissionResult) GetResultsOk() (*[]CheckPermissionResultWithError, bool)`
+
+GetResultsOk returns a tuple with the Results field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetResults
+
+`func (o *BatchCheckPermissionResult) SetResults(v []CheckPermissionResultWithError)`
+
+SetResults sets Results field to given value.
+
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/CheckPermissionResultWithError.md b/internal/httpclient/docs/CheckPermissionResultWithError.md
new file mode 100644
index 000000000..9f2eec360
--- /dev/null
+++ b/internal/httpclient/docs/CheckPermissionResultWithError.md
@@ -0,0 +1,77 @@
+# CheckPermissionResultWithError
+
+## Properties
+
+Name | Type | Description | Notes
+------------ | ------------- | ------------- | -------------
+**Allowed** | **bool** | whether the relation tuple is allowed |
+**Error** | Pointer to **string** | any error generated while checking the relation tuple | [optional]
+
+## Methods
+
+### NewCheckPermissionResultWithError
+
+`func NewCheckPermissionResultWithError(allowed bool, ) *CheckPermissionResultWithError`
+
+NewCheckPermissionResultWithError instantiates a new CheckPermissionResultWithError object
+This constructor will assign default values to properties that have it defined,
+and makes sure properties required by API are set, but the set of arguments
+will change when the set of required properties is changed
+
+### NewCheckPermissionResultWithErrorWithDefaults
+
+`func NewCheckPermissionResultWithErrorWithDefaults() *CheckPermissionResultWithError`
+
+NewCheckPermissionResultWithErrorWithDefaults instantiates a new CheckPermissionResultWithError object
+This constructor will only assign default values to properties that have it defined,
+but it doesn't guarantee that properties required by API are set
+
+### GetAllowed
+
+`func (o *CheckPermissionResultWithError) GetAllowed() bool`
+
+GetAllowed returns the Allowed field if non-nil, zero value otherwise.
+
+### GetAllowedOk
+
+`func (o *CheckPermissionResultWithError) GetAllowedOk() (*bool, bool)`
+
+GetAllowedOk returns a tuple with the Allowed field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetAllowed
+
+`func (o *CheckPermissionResultWithError) SetAllowed(v bool)`
+
+SetAllowed sets Allowed field to given value.
+
+
+### GetError
+
+`func (o *CheckPermissionResultWithError) GetError() string`
+
+GetError returns the Error field if non-nil, zero value otherwise.
+
+### GetErrorOk
+
+`func (o *CheckPermissionResultWithError) GetErrorOk() (*string, bool)`
+
+GetErrorOk returns a tuple with the Error field if it's non-nil, zero value otherwise
+and a boolean to check if the value has been set.
+
+### SetError
+
+`func (o *CheckPermissionResultWithError) SetError(v string)`
+
+SetError sets Error field to given value.
+
+### HasError
+
+`func (o *CheckPermissionResultWithError) HasError() bool`
+
+HasError returns a boolean if a field has been set.
+
+
+[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)
+
+
diff --git a/internal/httpclient/docs/PermissionApi.md b/internal/httpclient/docs/PermissionApi.md
index c9bcf6e5f..416ea2bcb 100644
--- a/internal/httpclient/docs/PermissionApi.md
+++ b/internal/httpclient/docs/PermissionApi.md
@@ -4,6 +4,7 @@ All URIs are relative to *http://localhost*
Method | HTTP request | Description
------------- | ------------- | -------------
+[**BatchCheckPermission**](PermissionApi.md#BatchCheckPermission) | **Post** /relation-tuples/batch/check | Batch check permissions
[**CheckPermission**](PermissionApi.md#CheckPermission) | **Get** /relation-tuples/check/openapi | Check a permission
[**CheckPermissionOrError**](PermissionApi.md#CheckPermissionOrError) | **Get** /relation-tuples/check | Check a permission
[**ExpandPermissions**](PermissionApi.md#ExpandPermissions) | **Get** /relation-tuples/expand | Expand a Relationship into permissions.
@@ -12,6 +13,74 @@ Method | HTTP request | Description
+## BatchCheckPermission
+
+> BatchCheckPermissionResult BatchCheckPermission(ctx).MaxDepth(maxDepth).BatchCheckPermissionBody(batchCheckPermissionBody).Execute()
+
+Batch check permissions
+
+
+
+### Example
+
+```go
+package main
+
+import (
+ "context"
+ "fmt"
+ "os"
+ openapiclient "./openapi"
+)
+
+func main() {
+ maxDepth := int64(789) // int64 | (optional)
+ batchCheckPermissionBody := *openapiclient.NewBatchCheckPermissionBody() // BatchCheckPermissionBody | (optional)
+
+ configuration := openapiclient.NewConfiguration()
+ apiClient := openapiclient.NewAPIClient(configuration)
+ resp, r, err := apiClient.PermissionApi.BatchCheckPermission(context.Background()).MaxDepth(maxDepth).BatchCheckPermissionBody(batchCheckPermissionBody).Execute()
+ if err != nil {
+ fmt.Fprintf(os.Stderr, "Error when calling `PermissionApi.BatchCheckPermission``: %v\n", err)
+ fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r)
+ }
+ // response from `BatchCheckPermission`: BatchCheckPermissionResult
+ fmt.Fprintf(os.Stdout, "Response from `PermissionApi.BatchCheckPermission`: %v\n", resp)
+}
+```
+
+### Path Parameters
+
+
+
+### Other Parameters
+
+Other parameters are passed through a pointer to a apiBatchCheckPermissionRequest struct via the builder pattern
+
+
+Name | Type | Description | Notes
+------------- | ------------- | ------------- | -------------
+ **maxDepth** | **int64** | |
+ **batchCheckPermissionBody** | [**BatchCheckPermissionBody**](BatchCheckPermissionBody.md) | |
+
+### Return type
+
+[**BatchCheckPermissionResult**](BatchCheckPermissionResult.md)
+
+### Authorization
+
+No authorization required
+
+### HTTP request headers
+
+- **Content-Type**: application/json
+- **Accept**: application/json
+
+[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints)
+[[Back to Model list]](../README.md#documentation-for-models)
+[[Back to README]](../README.md)
+
+
## CheckPermission
> CheckPermissionResult CheckPermission(ctx).Namespace(namespace).Object(object).Relation(relation).SubjectId(subjectId).SubjectSetNamespace(subjectSetNamespace).SubjectSetObject(subjectSetObject).SubjectSetRelation(subjectSetRelation).MaxDepth(maxDepth).Execute()
diff --git a/internal/httpclient/model_batch_check_permission_body.go b/internal/httpclient/model_batch_check_permission_body.go
new file mode 100644
index 000000000..e6e25abd3
--- /dev/null
+++ b/internal/httpclient/model_batch_check_permission_body.go
@@ -0,0 +1,114 @@
+/*
+ * Ory Keto API
+ *
+ * Documentation for all of Ory Keto's REST APIs. gRPC is documented separately.
+ *
+ * API version:
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+ "encoding/json"
+)
+
+// BatchCheckPermissionBody Batch Check Permission Body
+type BatchCheckPermissionBody struct {
+ Tuples []Relationship `json:"tuples,omitempty"`
+}
+
+// NewBatchCheckPermissionBody instantiates a new BatchCheckPermissionBody object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBatchCheckPermissionBody() *BatchCheckPermissionBody {
+ this := BatchCheckPermissionBody{}
+ return &this
+}
+
+// NewBatchCheckPermissionBodyWithDefaults instantiates a new BatchCheckPermissionBody object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBatchCheckPermissionBodyWithDefaults() *BatchCheckPermissionBody {
+ this := BatchCheckPermissionBody{}
+ return &this
+}
+
+// GetTuples returns the Tuples field value if set, zero value otherwise.
+func (o *BatchCheckPermissionBody) GetTuples() []Relationship {
+ if o == nil || o.Tuples == nil {
+ var ret []Relationship
+ return ret
+ }
+ return o.Tuples
+}
+
+// GetTuplesOk returns a tuple with the Tuples field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *BatchCheckPermissionBody) GetTuplesOk() ([]Relationship, bool) {
+ if o == nil || o.Tuples == nil {
+ return nil, false
+ }
+ return o.Tuples, true
+}
+
+// HasTuples returns a boolean if a field has been set.
+func (o *BatchCheckPermissionBody) HasTuples() bool {
+ if o != nil && o.Tuples != nil {
+ return true
+ }
+
+ return false
+}
+
+// SetTuples gets a reference to the given []Relationship and assigns it to the Tuples field.
+func (o *BatchCheckPermissionBody) SetTuples(v []Relationship) {
+ o.Tuples = v
+}
+
+func (o BatchCheckPermissionBody) MarshalJSON() ([]byte, error) {
+ toSerialize := map[string]interface{}{}
+ if o.Tuples != nil {
+ toSerialize["tuples"] = o.Tuples
+ }
+ return json.Marshal(toSerialize)
+}
+
+type NullableBatchCheckPermissionBody struct {
+ value *BatchCheckPermissionBody
+ isSet bool
+}
+
+func (v NullableBatchCheckPermissionBody) Get() *BatchCheckPermissionBody {
+ return v.value
+}
+
+func (v *NullableBatchCheckPermissionBody) Set(val *BatchCheckPermissionBody) {
+ v.value = val
+ v.isSet = true
+}
+
+func (v NullableBatchCheckPermissionBody) IsSet() bool {
+ return v.isSet
+}
+
+func (v *NullableBatchCheckPermissionBody) Unset() {
+ v.value = nil
+ v.isSet = false
+}
+
+func NewNullableBatchCheckPermissionBody(val *BatchCheckPermissionBody) *NullableBatchCheckPermissionBody {
+ return &NullableBatchCheckPermissionBody{value: val, isSet: true}
+}
+
+func (v NullableBatchCheckPermissionBody) MarshalJSON() ([]byte, error) {
+ return json.Marshal(v.value)
+}
+
+func (v *NullableBatchCheckPermissionBody) UnmarshalJSON(src []byte) error {
+ v.isSet = true
+ return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_batch_check_permission_result.go b/internal/httpclient/model_batch_check_permission_result.go
new file mode 100644
index 000000000..8b88cfabf
--- /dev/null
+++ b/internal/httpclient/model_batch_check_permission_result.go
@@ -0,0 +1,108 @@
+/*
+ * Ory Keto API
+ *
+ * Documentation for all of Ory Keto's REST APIs. gRPC is documented separately.
+ *
+ * API version:
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+ "encoding/json"
+)
+
+// BatchCheckPermissionResult Batch Check Permission Result
+type BatchCheckPermissionResult struct {
+ // An array of check results. The order aligns with the input order.
+ Results []CheckPermissionResultWithError `json:"results"`
+}
+
+// NewBatchCheckPermissionResult instantiates a new BatchCheckPermissionResult object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewBatchCheckPermissionResult(results []CheckPermissionResultWithError) *BatchCheckPermissionResult {
+ this := BatchCheckPermissionResult{}
+ this.Results = results
+ return &this
+}
+
+// NewBatchCheckPermissionResultWithDefaults instantiates a new BatchCheckPermissionResult object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewBatchCheckPermissionResultWithDefaults() *BatchCheckPermissionResult {
+ this := BatchCheckPermissionResult{}
+ return &this
+}
+
+// GetResults returns the Results field value
+func (o *BatchCheckPermissionResult) GetResults() []CheckPermissionResultWithError {
+ if o == nil {
+ var ret []CheckPermissionResultWithError
+ return ret
+ }
+
+ return o.Results
+}
+
+// GetResultsOk returns a tuple with the Results field value
+// and a boolean to check if the value has been set.
+func (o *BatchCheckPermissionResult) GetResultsOk() ([]CheckPermissionResultWithError, bool) {
+ if o == nil {
+ return nil, false
+ }
+ return o.Results, true
+}
+
+// SetResults sets field value
+func (o *BatchCheckPermissionResult) SetResults(v []CheckPermissionResultWithError) {
+ o.Results = v
+}
+
+func (o BatchCheckPermissionResult) MarshalJSON() ([]byte, error) {
+ toSerialize := map[string]interface{}{}
+ if true {
+ toSerialize["results"] = o.Results
+ }
+ return json.Marshal(toSerialize)
+}
+
+type NullableBatchCheckPermissionResult struct {
+ value *BatchCheckPermissionResult
+ isSet bool
+}
+
+func (v NullableBatchCheckPermissionResult) Get() *BatchCheckPermissionResult {
+ return v.value
+}
+
+func (v *NullableBatchCheckPermissionResult) Set(val *BatchCheckPermissionResult) {
+ v.value = val
+ v.isSet = true
+}
+
+func (v NullableBatchCheckPermissionResult) IsSet() bool {
+ return v.isSet
+}
+
+func (v *NullableBatchCheckPermissionResult) Unset() {
+ v.value = nil
+ v.isSet = false
+}
+
+func NewNullableBatchCheckPermissionResult(val *BatchCheckPermissionResult) *NullableBatchCheckPermissionResult {
+ return &NullableBatchCheckPermissionResult{value: val, isSet: true}
+}
+
+func (v NullableBatchCheckPermissionResult) MarshalJSON() ([]byte, error) {
+ return json.Marshal(v.value)
+}
+
+func (v *NullableBatchCheckPermissionResult) UnmarshalJSON(src []byte) error {
+ v.isSet = true
+ return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/httpclient/model_check_permission_result_with_error.go b/internal/httpclient/model_check_permission_result_with_error.go
new file mode 100644
index 000000000..92558fa04
--- /dev/null
+++ b/internal/httpclient/model_check_permission_result_with_error.go
@@ -0,0 +1,145 @@
+/*
+ * Ory Keto API
+ *
+ * Documentation for all of Ory Keto's REST APIs. gRPC is documented separately.
+ *
+ * API version:
+ * Contact: hi@ory.sh
+ */
+
+// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
+
+package client
+
+import (
+ "encoding/json"
+)
+
+// CheckPermissionResultWithError Check Permission Result With Error
+type CheckPermissionResultWithError struct {
+ // whether the relation tuple is allowed
+ Allowed bool `json:"allowed"`
+ // any error generated while checking the relation tuple
+ Error *string `json:"error,omitempty"`
+}
+
+// NewCheckPermissionResultWithError instantiates a new CheckPermissionResultWithError object
+// This constructor will assign default values to properties that have it defined,
+// and makes sure properties required by API are set, but the set of arguments
+// will change when the set of required properties is changed
+func NewCheckPermissionResultWithError(allowed bool) *CheckPermissionResultWithError {
+ this := CheckPermissionResultWithError{}
+ this.Allowed = allowed
+ return &this
+}
+
+// NewCheckPermissionResultWithErrorWithDefaults instantiates a new CheckPermissionResultWithError object
+// This constructor will only assign default values to properties that have it defined,
+// but it doesn't guarantee that properties required by API are set
+func NewCheckPermissionResultWithErrorWithDefaults() *CheckPermissionResultWithError {
+ this := CheckPermissionResultWithError{}
+ return &this
+}
+
+// GetAllowed returns the Allowed field value
+func (o *CheckPermissionResultWithError) GetAllowed() bool {
+ if o == nil {
+ var ret bool
+ return ret
+ }
+
+ return o.Allowed
+}
+
+// GetAllowedOk returns a tuple with the Allowed field value
+// and a boolean to check if the value has been set.
+func (o *CheckPermissionResultWithError) GetAllowedOk() (*bool, bool) {
+ if o == nil {
+ return nil, false
+ }
+ return &o.Allowed, true
+}
+
+// SetAllowed sets field value
+func (o *CheckPermissionResultWithError) SetAllowed(v bool) {
+ o.Allowed = v
+}
+
+// GetError returns the Error field value if set, zero value otherwise.
+func (o *CheckPermissionResultWithError) GetError() string {
+ if o == nil || o.Error == nil {
+ var ret string
+ return ret
+ }
+ return *o.Error
+}
+
+// GetErrorOk returns a tuple with the Error field value if set, nil otherwise
+// and a boolean to check if the value has been set.
+func (o *CheckPermissionResultWithError) GetErrorOk() (*string, bool) {
+ if o == nil || o.Error == nil {
+ return nil, false
+ }
+ return o.Error, true
+}
+
+// HasError returns a boolean if a field has been set.
+func (o *CheckPermissionResultWithError) HasError() bool {
+ if o != nil && o.Error != nil {
+ return true
+ }
+
+ return false
+}
+
+// SetError gets a reference to the given string and assigns it to the Error field.
+func (o *CheckPermissionResultWithError) SetError(v string) {
+ o.Error = &v
+}
+
+func (o CheckPermissionResultWithError) MarshalJSON() ([]byte, error) {
+ toSerialize := map[string]interface{}{}
+ if true {
+ toSerialize["allowed"] = o.Allowed
+ }
+ if o.Error != nil {
+ toSerialize["error"] = o.Error
+ }
+ return json.Marshal(toSerialize)
+}
+
+type NullableCheckPermissionResultWithError struct {
+ value *CheckPermissionResultWithError
+ isSet bool
+}
+
+func (v NullableCheckPermissionResultWithError) Get() *CheckPermissionResultWithError {
+ return v.value
+}
+
+func (v *NullableCheckPermissionResultWithError) Set(val *CheckPermissionResultWithError) {
+ v.value = val
+ v.isSet = true
+}
+
+func (v NullableCheckPermissionResultWithError) IsSet() bool {
+ return v.isSet
+}
+
+func (v *NullableCheckPermissionResultWithError) Unset() {
+ v.value = nil
+ v.isSet = false
+}
+
+func NewNullableCheckPermissionResultWithError(val *CheckPermissionResultWithError) *NullableCheckPermissionResultWithError {
+ return &NullableCheckPermissionResultWithError{value: val, isSet: true}
+}
+
+func (v NullableCheckPermissionResultWithError) MarshalJSON() ([]byte, error) {
+ return json.Marshal(v.value)
+}
+
+func (v *NullableCheckPermissionResultWithError) UnmarshalJSON(src []byte) error {
+ v.isSet = true
+ return json.Unmarshal(src, &v.value)
+}
diff --git a/internal/namespace/ast/operator_string.go b/internal/namespace/ast/operator_string.go
index bc0b7d5ed..74f212cb6 100644
--- a/internal/namespace/ast/operator_string.go
+++ b/internal/namespace/ast/operator_string.go
@@ -1,6 +1,3 @@
-// Copyright © 2023 Ory Corp
-// SPDX-License-Identifier: Apache-2.0
-
// Code generated by "stringer -type=Operator -linecomment"; DO NOT EDIT.
package ast
diff --git a/internal/schema/itemtype_string.go b/internal/schema/itemtype_string.go
index c38fa384f..6a24bed49 100644
--- a/internal/schema/itemtype_string.go
+++ b/internal/schema/itemtype_string.go
@@ -1,6 +1,3 @@
-// Copyright © 2023 Ory Corp
-// SPDX-License-Identifier: Apache-2.0
-
// Code generated by "stringer -type=itemType -trimprefix item -linecomment"; DO NOT EDIT.
package schema
diff --git a/proto/buf.md b/proto/buf.md
index bd575145d..c467184f8 100644
--- a/proto/buf.md
+++ b/proto/buf.md
@@ -22,8 +22,11 @@
- [SubjectSet](#ory-keto-relation_tuples-v1alpha2-SubjectSet)
- [ory/keto/relation_tuples/v1alpha2/check_service.proto](#ory_keto_relation_tuples_v1alpha2_check_service-proto)
+ - [BatchCheckRequest](#ory-keto-relation_tuples-v1alpha2-BatchCheckRequest)
+ - [BatchCheckResponse](#ory-keto-relation_tuples-v1alpha2-BatchCheckResponse)
- [CheckRequest](#ory-keto-relation_tuples-v1alpha2-CheckRequest)
- [CheckResponse](#ory-keto-relation_tuples-v1alpha2-CheckResponse)
+ - [CheckResponseWithError](#ory-keto-relation_tuples-v1alpha2-CheckResponseWithError)
- [CheckService](#ory-keto-relation_tuples-v1alpha2-CheckService)
- [ory/keto/relation_tuples/v1alpha2/expand_service.proto](#ory_keto_relation_tuples_v1alpha2_expand_service-proto)
@@ -208,6 +211,29 @@ SubjectSet refers to all subjects who have the same `relation` on an `object`.
## ory/keto/relation_tuples/v1alpha2/check_service.proto
+
+
+### BatchCheckRequest
+
+The request for a CheckService.BatchCheck RPC. Checks a batch of relations.
+
+| Field | Type | Label | Description |
+| --------- | ----------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| tuples | [RelationTuple](#ory-keto-relation_tuples-v1alpha2-RelationTuple) | repeated | |
+| latest | [bool](#bool) | | This field is not implemented yet and has no effect.
|
+| snaptoken | [string](#string) | | This field is not implemented yet and has no effect.
|
+| max_depth | [int32](#int32) | | The maximum depth to search for a relation.
If the value is less than 1 or greater than the global
max-depth then the global max-depth will be used instead. |
+
+
+
+### BatchCheckResponse
+
+The response for a CheckService.BatchCheck rpc.
+
+| Field | Type | Label | Description |
+| ------- | ----------------------------------------------------------------------------------- | -------- | ------------------------------------------------------------------------------------------------- |
+| results | [CheckResponseWithError](#ory-keto-relation_tuples-v1alpha2-CheckResponseWithError) | repeated | The results of the batch check. The order of these
results will match the order of the input. |
+
### CheckRequest
@@ -237,6 +263,18 @@ The response for a CheckService.Check rpc.
| allowed | [bool](#bool) | | Whether the specified subject (id)
is related to the requested object.
It is false by default if no ACL matches. |
| snaptoken | [string](#string) | | This field is not implemented yet and has no effect.
|
+
+
+### CheckResponseWithError
+
+The response for an individual check in the CheckService.BatchCheck rpc.
+
+| Field | Type | Label | Description |
+| --------- | ----------------- | ----- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| allowed | [bool](#bool) | | Whether the specified subject (id)
is related to the requested object.
It is false by default if no ACL matches. |
+| error | [string](#string) | | If there was an error checking the tuple,
this will contain the error message.
If the check was performed successfully, this will be empty. |
+| snaptoken | [string](#string) | | This field is not implemented yet and has no effect.
|
+
@@ -253,9 +291,10 @@ Control Lists.
This service is part of the
[read-APIs](../concepts/25_api-overview.mdx#read-apis).
-| Method Name | Request Type | Response Type | Description |
-| ----------- | --------------------------------------------------------------- | ----------------------------------------------------------------- | -------------------------------- |
-| Check | [CheckRequest](#ory-keto-relation_tuples-v1alpha2-CheckRequest) | [CheckResponse](#ory-keto-relation_tuples-v1alpha2-CheckResponse) | Performs an authorization check. |
+| Method Name | Request Type | Response Type | Description |
+| ----------- | ------------------------------------------------------------------------- | --------------------------------------------------------------------------- | -------------------------------- |
+| Check | [CheckRequest](#ory-keto-relation_tuples-v1alpha2-CheckRequest) | [CheckResponse](#ory-keto-relation_tuples-v1alpha2-CheckResponse) | Performs an authorization check. |
+| BatchCheck | [BatchCheckRequest](#ory-keto-relation_tuples-v1alpha2-BatchCheckRequest) | [BatchCheckResponse](#ory-keto-relation_tuples-v1alpha2-BatchCheckResponse) | |
diff --git a/proto/go.mod b/proto/go.mod
index 349386e0c..a0526597b 100644
--- a/proto/go.mod
+++ b/proto/go.mod
@@ -4,8 +4,8 @@ go 1.19
require (
github.com/stretchr/testify v1.8.4
- google.golang.org/grpc v1.59.0
- google.golang.org/protobuf v1.31.0
+ google.golang.org/grpc v1.62.0
+ google.golang.org/protobuf v1.32.0
)
require (
@@ -14,10 +14,10 @@ require (
github.com/kr/pretty v0.1.0 // indirect
github.com/kr/text v0.2.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
- golang.org/x/net v0.14.0 // indirect
- golang.org/x/sys v0.11.0 // indirect
- golang.org/x/text v0.12.0 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect
+ golang.org/x/net v0.20.0 // indirect
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)
diff --git a/proto/go.sum b/proto/go.sum
index 5f824f475..7b687c7b0 100644
--- a/proto/go.sum
+++ b/proto/go.sum
@@ -5,7 +5,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -16,21 +16,21 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14=
-golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
-golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
-google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
-google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s=
+google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk=
+google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
+google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/proto/ory/keto/opl/v1alpha1/syntax_service.pb.go b/proto/ory/keto/opl/v1alpha1/syntax_service.pb.go
index c23329c7a..cc740fe62 100644
--- a/proto/ory/keto/opl/v1alpha1/syntax_service.pb.go
+++ b/proto/ory/keto/opl/v1alpha1/syntax_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/opl/v1alpha1/syntax_service.proto
@@ -293,7 +293,7 @@ func file_ory_keto_opl_v1alpha1_syntax_service_proto_rawDescGZIP() []byte {
}
var file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_ory_keto_opl_v1alpha1_syntax_service_proto_goTypes = []interface{}{
+var file_ory_keto_opl_v1alpha1_syntax_service_proto_goTypes = []any{
(*CheckRequest)(nil), // 0: ory.keto.opl.v1alpha1.CheckRequest
(*CheckResponse)(nil), // 1: ory.keto.opl.v1alpha1.CheckResponse
(*ParseError)(nil), // 2: ory.keto.opl.v1alpha1.ParseError
@@ -318,7 +318,7 @@ func file_ory_keto_opl_v1alpha1_syntax_service_proto_init() {
return
}
if !protoimpl.UnsafeEnabled {
- file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*CheckRequest); i {
case 0:
return &v.state
@@ -330,7 +330,7 @@ func file_ory_keto_opl_v1alpha1_syntax_service_proto_init() {
return nil
}
}
- file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*CheckResponse); i {
case 0:
return &v.state
@@ -342,7 +342,7 @@ func file_ory_keto_opl_v1alpha1_syntax_service_proto_init() {
return nil
}
}
- file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*ParseError); i {
case 0:
return &v.state
@@ -354,7 +354,7 @@ func file_ory_keto_opl_v1alpha1_syntax_service_proto_init() {
return nil
}
}
- file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_opl_v1alpha1_syntax_service_proto_msgTypes[3].Exporter = func(v any, i int) any {
switch v := v.(*SourcePosition); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/opl/v1alpha1/syntax_service_grpc.pb.go b/proto/ory/keto/opl/v1alpha1/syntax_service_grpc.pb.go
index 4a7305a35..ed9ffaff9 100644
--- a/proto/ory/keto/opl/v1alpha1/syntax_service_grpc.pb.go
+++ b/proto/ory/keto/opl/v1alpha1/syntax_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/opl/v1alpha1/syntax_service.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
SyntaxService_Check_FullMethodName = "/ory.keto.opl.v1alpha1.SyntaxService/Check"
@@ -25,6 +25,8 @@ const (
// SyntaxServiceClient is the client API for SyntaxService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service that checks the syntax of an OPL file.
type SyntaxServiceClient interface {
// Performs a syntax check request.
Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
@@ -39,8 +41,9 @@ func NewSyntaxServiceClient(cc grpc.ClientConnInterface) SyntaxServiceClient {
}
func (c *syntaxServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CheckResponse)
- err := c.cc.Invoke(ctx, SyntaxService_Check_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, SyntaxService_Check_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,6 +53,8 @@ func (c *syntaxServiceClient) Check(ctx context.Context, in *CheckRequest, opts
// SyntaxServiceServer is the server API for SyntaxService service.
// All implementations should embed UnimplementedSyntaxServiceServer
// for forward compatibility
+//
+// The service that checks the syntax of an OPL file.
type SyntaxServiceServer interface {
// Performs a syntax check request.
Check(context.Context, *CheckRequest) (*CheckResponse, error)
diff --git a/proto/ory/keto/opl/v1alpha1/syntax_service_pb.js b/proto/ory/keto/opl/v1alpha1/syntax_service_pb.js
index fd530a99f..891c2dbb3 100644
--- a/proto/ory/keto/opl/v1alpha1/syntax_service_pb.js
+++ b/proto/ory/keto/opl/v1alpha1/syntax_service_pb.js
@@ -141,7 +141,7 @@ proto.ory.keto.opl.v1alpha1.CheckRequest.prototype.toObject = function(opt_inclu
*/
proto.ory.keto.opl.v1alpha1.CheckRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- content: msg.getContent_asB64()
+content: msg.getContent_asB64()
};
if (includeInstance) {
@@ -302,7 +302,7 @@ proto.ory.keto.opl.v1alpha1.CheckResponse.prototype.toObject = function(opt_incl
*/
proto.ory.keto.opl.v1alpha1.CheckResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- parseErrorsList: jspb.Message.toObjectList(msg.getParseErrorsList(),
+parseErrorsList: jspb.Message.toObjectList(msg.getParseErrorsList(),
proto.ory.keto.opl.v1alpha1.ParseError.toObject, includeInstance)
};
@@ -455,9 +455,9 @@ proto.ory.keto.opl.v1alpha1.ParseError.prototype.toObject = function(opt_include
*/
proto.ory.keto.opl.v1alpha1.ParseError.toObject = function(includeInstance, msg) {
var f, obj = {
- message: jspb.Message.getFieldWithDefault(msg, 1, ""),
- start: (f = msg.getStart()) && proto.ory.keto.opl.v1alpha1.SourcePosition.toObject(includeInstance, f),
- end: (f = msg.getEnd()) && proto.ory.keto.opl.v1alpha1.SourcePosition.toObject(includeInstance, f)
+message: jspb.Message.getFieldWithDefault(msg, 1, ""),
+start: (f = msg.getStart()) && proto.ory.keto.opl.v1alpha1.SourcePosition.toObject(includeInstance, f),
+end: (f = msg.getEnd()) && proto.ory.keto.opl.v1alpha1.SourcePosition.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -687,8 +687,8 @@ proto.ory.keto.opl.v1alpha1.SourcePosition.prototype.toObject = function(opt_inc
*/
proto.ory.keto.opl.v1alpha1.SourcePosition.toObject = function(includeInstance, msg) {
var f, obj = {
- line: jspb.Message.getFieldWithDefault(msg, 1, 0),
- column: jspb.Message.getFieldWithDefault(msg, 2, 0)
+line: jspb.Message.getFieldWithDefault(msg, 1, 0),
+column: jspb.Message.getFieldWithDefault(msg, 2, 0)
};
if (includeInstance) {
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/check_service.pb.go
index ac4f294f6..b6e9916c9 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/check_service.proto
@@ -259,6 +259,254 @@ func (x *CheckResponse) GetSnaptoken() string {
return ""
}
+// The response for an individual check in the CheckService.BatchCheck rpc.
+type CheckResponseWithError struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // Whether the specified subject (id)
+ // is related to the requested object.
+ //
+ // It is false by default if no ACL matches.
+ Allowed bool `protobuf:"varint,1,opt,name=allowed,proto3" json:"allowed,omitempty"`
+ // If there was an error checking the tuple,
+ // this will contain the error message.
+ //
+ // If the check was performed successfully, this will be empty.
+ Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"`
+ // This field is not implemented yet and has no effect.
+ //
+ Snaptoken string `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
+}
+
+func (x *CheckResponseWithError) Reset() {
+ *x = CheckResponseWithError{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *CheckResponseWithError) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*CheckResponseWithError) ProtoMessage() {}
+
+func (x *CheckResponseWithError) ProtoReflect() protoreflect.Message {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[2]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use CheckResponseWithError.ProtoReflect.Descriptor instead.
+func (*CheckResponseWithError) Descriptor() ([]byte, []int) {
+ return file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDescGZIP(), []int{2}
+}
+
+func (x *CheckResponseWithError) GetAllowed() bool {
+ if x != nil {
+ return x.Allowed
+ }
+ return false
+}
+
+func (x *CheckResponseWithError) GetError() string {
+ if x != nil {
+ return x.Error
+ }
+ return ""
+}
+
+func (x *CheckResponseWithError) GetSnaptoken() string {
+ if x != nil {
+ return x.Snaptoken
+ }
+ return ""
+}
+
+// The request for a CheckService.BatchCheck RPC.
+// Checks a batch of relations.
+type BatchCheckRequest struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ Tuples []*RelationTuple `protobuf:"bytes,1,rep,name=tuples,proto3" json:"tuples,omitempty"`
+ // This field is not implemented yet and has no effect.
+ //
+ Latest bool `protobuf:"varint,2,opt,name=latest,proto3" json:"latest,omitempty"`
+ // This field is not implemented yet and has no effect.
+ //
+ Snaptoken string `protobuf:"bytes,3,opt,name=snaptoken,proto3" json:"snaptoken,omitempty"`
+ // The maximum depth to search for a relation.
+ //
+ // If the value is less than 1 or greater than the global
+ // max-depth then the global max-depth will be used instead.
+ MaxDepth int32 `protobuf:"varint,4,opt,name=max_depth,json=maxDepth,proto3" json:"max_depth,omitempty"`
+}
+
+func (x *BatchCheckRequest) Reset() {
+ *x = BatchCheckRequest{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *BatchCheckRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BatchCheckRequest) ProtoMessage() {}
+
+func (x *BatchCheckRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[3]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use BatchCheckRequest.ProtoReflect.Descriptor instead.
+func (*BatchCheckRequest) Descriptor() ([]byte, []int) {
+ return file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDescGZIP(), []int{3}
+}
+
+func (x *BatchCheckRequest) GetTuples() []*RelationTuple {
+ if x != nil {
+ return x.Tuples
+ }
+ return nil
+}
+
+func (x *BatchCheckRequest) GetLatest() bool {
+ if x != nil {
+ return x.Latest
+ }
+ return false
+}
+
+func (x *BatchCheckRequest) GetSnaptoken() string {
+ if x != nil {
+ return x.Snaptoken
+ }
+ return ""
+}
+
+func (x *BatchCheckRequest) GetMaxDepth() int32 {
+ if x != nil {
+ return x.MaxDepth
+ }
+ return 0
+}
+
+// The response for a CheckService.BatchCheck rpc.
+type BatchCheckResponse struct {
+ state protoimpl.MessageState
+ sizeCache protoimpl.SizeCache
+ unknownFields protoimpl.UnknownFields
+
+ // The results of the batch check. The order of these
+ // results will match the order of the input.
+ Results []*CheckResponseWithError `protobuf:"bytes,1,rep,name=results,proto3" json:"results,omitempty"`
+}
+
+func (x *BatchCheckResponse) Reset() {
+ *x = BatchCheckResponse{}
+ if protoimpl.UnsafeEnabled {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+ }
+}
+
+func (x *BatchCheckResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*BatchCheckResponse) ProtoMessage() {}
+
+func (x *BatchCheckResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[4]
+ if protoimpl.UnsafeEnabled && x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use BatchCheckResponse.ProtoReflect.Descriptor instead.
+func (*BatchCheckResponse) Descriptor() ([]byte, []int) {
+ return file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *BatchCheckResponse) GetResults() []*CheckResponseWithError {
+ if x != nil {
+ return x.Results
+ }
+ return nil
+}
+
var File_ory_keto_relation_tuples_v1alpha2_check_service_proto protoreflect.FileDescriptor
var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDesc = []byte{
@@ -297,27 +545,59 @@ var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDesc = []byte{
0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c, 0x6f, 0x77,
0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18,
0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
- 0x32, 0x7a, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
- 0x12, 0x6a, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x2f, 0x2e, 0x6f, 0x72, 0x79, 0x2e,
- 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75,
- 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x43, 0x68,
- 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x6f, 0x72, 0x79,
- 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74,
- 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x43,
- 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0xc2, 0x01, 0x0a,
- 0x24, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c,
+ 0x22, 0x66, 0x0a, 0x16, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x57, 0x69, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x6c,
+ 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x61, 0x6c, 0x6c,
+ 0x6f, 0x77, 0x65, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e,
+ 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73,
+ 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xb0, 0x01, 0x0a, 0x11, 0x42, 0x61, 0x74,
+ 0x63, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x48,
+ 0x0a, 0x06, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30,
+ 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69,
+ 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
+ 0x61, 0x32, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65,
+ 0x52, 0x06, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6c, 0x61, 0x74, 0x65,
+ 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x6c, 0x61, 0x74, 0x65, 0x73, 0x74,
+ 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x6e, 0x61, 0x70, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1b,
+ 0x0a, 0x09, 0x6d, 0x61, 0x78, 0x5f, 0x64, 0x65, 0x70, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28,
+ 0x05, 0x52, 0x08, 0x6d, 0x61, 0x78, 0x44, 0x65, 0x70, 0x74, 0x68, 0x22, 0x69, 0x0a, 0x12, 0x42,
+ 0x61, 0x74, 0x63, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+ 0x65, 0x12, 0x53, 0x0a, 0x07, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03,
+ 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65,
+ 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31,
+ 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x57, 0x69, 0x74, 0x68, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x07, 0x72,
+ 0x65, 0x73, 0x75, 0x6c, 0x74, 0x73, 0x32, 0xf5, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b,
+ 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b,
+ 0x12, 0x2f, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c,
+ 0x70, 0x68, 0x61, 0x32, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+ 0x74, 0x1a, 0x30, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c,
0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61,
- 0x6c, 0x70, 0x68, 0x61, 0x32, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65, 0x72, 0x76,
- 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x69, 0x74, 0x68,
- 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f,
- 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f, 0x2f, 0x72,
- 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2f, 0x76,
- 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x3b, 0x72, 0x74, 0x73, 0xaa, 0x02, 0x20, 0x4f, 0x72,
- 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x54,
- 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0xca, 0x02,
- 0x20, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69,
- 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x5c, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61,
- 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+ 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x12, 0x79, 0x0a, 0x0a, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x68, 0x65, 0x63,
+ 0x6b, 0x12, 0x34, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61,
+ 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b,
+ 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65,
+ 0x74, 0x6f, 0x2e, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c,
+ 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x2e, 0x42, 0x61, 0x74, 0x63,
+ 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0xc2,
+ 0x01, 0x0a, 0x24, 0x73, 0x68, 0x2e, 0x6f, 0x72, 0x79, 0x2e, 0x6b, 0x65, 0x74, 0x6f, 0x2e, 0x72,
+ 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76,
+ 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x42, 0x11, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x53, 0x65,
+ 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x69,
+ 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74,
+ 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x6f, 0x72, 0x79, 0x2f, 0x6b, 0x65, 0x74, 0x6f,
+ 0x2f, 0x72, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x75, 0x70, 0x6c, 0x65, 0x73,
+ 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32, 0x3b, 0x72, 0x74, 0x73, 0xaa, 0x02, 0x20,
+ 0x4f, 0x72, 0x79, 0x2e, 0x4b, 0x65, 0x74, 0x6f, 0x2e, 0x52, 0x65, 0x6c, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x32,
+ 0xca, 0x02, 0x20, 0x4f, 0x72, 0x79, 0x5c, 0x4b, 0x65, 0x74, 0x6f, 0x5c, 0x52, 0x65, 0x6c, 0x61,
+ 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x75, 0x70, 0x6c, 0x65, 0x73, 0x5c, 0x76, 0x31, 0x61, 0x6c, 0x70,
+ 0x68, 0x61, 0x32, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -332,23 +612,30 @@ func file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDescGZIP() []
return file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDescData
}
-var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_goTypes = []interface{}{
- (*CheckRequest)(nil), // 0: ory.keto.relation_tuples.v1alpha2.CheckRequest
- (*CheckResponse)(nil), // 1: ory.keto.relation_tuples.v1alpha2.CheckResponse
- (*Subject)(nil), // 2: ory.keto.relation_tuples.v1alpha2.Subject
- (*RelationTuple)(nil), // 3: ory.keto.relation_tuples.v1alpha2.RelationTuple
+var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes = make([]protoimpl.MessageInfo, 5)
+var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_goTypes = []any{
+ (*CheckRequest)(nil), // 0: ory.keto.relation_tuples.v1alpha2.CheckRequest
+ (*CheckResponse)(nil), // 1: ory.keto.relation_tuples.v1alpha2.CheckResponse
+ (*CheckResponseWithError)(nil), // 2: ory.keto.relation_tuples.v1alpha2.CheckResponseWithError
+ (*BatchCheckRequest)(nil), // 3: ory.keto.relation_tuples.v1alpha2.BatchCheckRequest
+ (*BatchCheckResponse)(nil), // 4: ory.keto.relation_tuples.v1alpha2.BatchCheckResponse
+ (*Subject)(nil), // 5: ory.keto.relation_tuples.v1alpha2.Subject
+ (*RelationTuple)(nil), // 6: ory.keto.relation_tuples.v1alpha2.RelationTuple
}
var file_ory_keto_relation_tuples_v1alpha2_check_service_proto_depIdxs = []int32{
- 2, // 0: ory.keto.relation_tuples.v1alpha2.CheckRequest.subject:type_name -> ory.keto.relation_tuples.v1alpha2.Subject
- 3, // 1: ory.keto.relation_tuples.v1alpha2.CheckRequest.tuple:type_name -> ory.keto.relation_tuples.v1alpha2.RelationTuple
- 0, // 2: ory.keto.relation_tuples.v1alpha2.CheckService.Check:input_type -> ory.keto.relation_tuples.v1alpha2.CheckRequest
- 1, // 3: ory.keto.relation_tuples.v1alpha2.CheckService.Check:output_type -> ory.keto.relation_tuples.v1alpha2.CheckResponse
- 3, // [3:4] is the sub-list for method output_type
- 2, // [2:3] is the sub-list for method input_type
- 2, // [2:2] is the sub-list for extension type_name
- 2, // [2:2] is the sub-list for extension extendee
- 0, // [0:2] is the sub-list for field type_name
+ 5, // 0: ory.keto.relation_tuples.v1alpha2.CheckRequest.subject:type_name -> ory.keto.relation_tuples.v1alpha2.Subject
+ 6, // 1: ory.keto.relation_tuples.v1alpha2.CheckRequest.tuple:type_name -> ory.keto.relation_tuples.v1alpha2.RelationTuple
+ 6, // 2: ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.tuples:type_name -> ory.keto.relation_tuples.v1alpha2.RelationTuple
+ 2, // 3: ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.results:type_name -> ory.keto.relation_tuples.v1alpha2.CheckResponseWithError
+ 0, // 4: ory.keto.relation_tuples.v1alpha2.CheckService.Check:input_type -> ory.keto.relation_tuples.v1alpha2.CheckRequest
+ 3, // 5: ory.keto.relation_tuples.v1alpha2.CheckService.BatchCheck:input_type -> ory.keto.relation_tuples.v1alpha2.BatchCheckRequest
+ 1, // 6: ory.keto.relation_tuples.v1alpha2.CheckService.Check:output_type -> ory.keto.relation_tuples.v1alpha2.CheckResponse
+ 4, // 7: ory.keto.relation_tuples.v1alpha2.CheckService.BatchCheck:output_type -> ory.keto.relation_tuples.v1alpha2.BatchCheckResponse
+ 6, // [6:8] is the sub-list for method output_type
+ 4, // [4:6] is the sub-list for method input_type
+ 4, // [4:4] is the sub-list for extension type_name
+ 4, // [4:4] is the sub-list for extension extendee
+ 0, // [0:4] is the sub-list for field type_name
}
func init() { file_ory_keto_relation_tuples_v1alpha2_check_service_proto_init() }
@@ -358,7 +645,7 @@ func file_ory_keto_relation_tuples_v1alpha2_check_service_proto_init() {
}
file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init()
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*CheckRequest); i {
case 0:
return &v.state
@@ -370,7 +657,7 @@ func file_ory_keto_relation_tuples_v1alpha2_check_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*CheckResponse); i {
case 0:
return &v.state
@@ -382,6 +669,42 @@ func file_ory_keto_relation_tuples_v1alpha2_check_service_proto_init() {
return nil
}
}
+ file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
+ switch v := v.(*CheckResponseWithError); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[3].Exporter = func(v any, i int) any {
+ switch v := v.(*BatchCheckRequest); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
+ file_ory_keto_relation_tuples_v1alpha2_check_service_proto_msgTypes[4].Exporter = func(v any, i int) any {
+ switch v := v.(*BatchCheckResponse); i {
+ case 0:
+ return &v.state
+ case 1:
+ return &v.sizeCache
+ case 2:
+ return &v.unknownFields
+ default:
+ return nil
+ }
+ }
}
type x struct{}
out := protoimpl.TypeBuilder{
@@ -389,7 +712,7 @@ func file_ory_keto_relation_tuples_v1alpha2_check_service_proto_init() {
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_ory_keto_relation_tuples_v1alpha2_check_service_proto_rawDesc,
NumEnums: 0,
- NumMessages: 2,
+ NumMessages: 5,
NumExtensions: 0,
NumServices: 1,
},
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service.proto b/proto/ory/keto/relation_tuples/v1alpha2/check_service.proto
index bda49a33f..53912a4ed 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service.proto
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service.proto
@@ -18,6 +18,7 @@ option php_namespace = "Ory\\Keto\\RelationTuples\\v1alpha2";
service CheckService {
// Performs an authorization check.
rpc Check(CheckRequest) returns (CheckResponse);
+ rpc BatchCheck(BatchCheckRequest) returns (BatchCheckResponse);
}
// The request for a CheckService.Check RPC.
@@ -105,3 +106,87 @@ message CheckResponse {
// -->
string snaptoken = 2;
}
+
+// The response for an individual check in the CheckService.BatchCheck rpc.
+message CheckResponseWithError {
+ // Whether the specified subject (id)
+ // is related to the requested object.
+ //
+ // It is false by default if no ACL matches.
+ bool allowed = 1;
+ // If there was an error checking the tuple,
+ // this will contain the error message.
+ //
+ // If the check was performed successfully, this will be empty.
+ string error = 2;
+ // This field is not implemented yet and has no effect.
+ //
+ string snaptoken = 3;
+}
+
+// The request for a CheckService.BatchCheck RPC.
+// Checks a batch of relations.
+message BatchCheckRequest {
+ repeated RelationTuple tuples = 1;
+
+ // This field is not implemented yet and has no effect.
+ //
+ bool latest = 2;
+ // This field is not implemented yet and has no effect.
+ //
+ string snaptoken = 3;
+ // The maximum depth to search for a relation.
+ //
+ // If the value is less than 1 or greater than the global
+ // max-depth then the global max-depth will be used instead.
+ int32 max_depth = 4;
+}
+
+// The response for a CheckService.BatchCheck rpc.
+message BatchCheckResponse {
+ // The results of the batch check. The order of these
+ // results will match the order of the input.
+ repeated CheckResponseWithError results = 1;
+}
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc.pb.go
index 5437d83dc..019121301 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/check_service.proto
@@ -15,19 +15,26 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
- CheckService_Check_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.CheckService/Check"
+ CheckService_Check_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.CheckService/Check"
+ CheckService_BatchCheck_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck"
)
// CheckServiceClient is the client API for CheckService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service that performs authorization checks
+// based on the stored Access Control Lists.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type CheckServiceClient interface {
// Performs an authorization check.
Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error)
+ BatchCheck(ctx context.Context, in *BatchCheckRequest, opts ...grpc.CallOption) (*BatchCheckResponse, error)
}
type checkServiceClient struct {
@@ -39,8 +46,19 @@ func NewCheckServiceClient(cc grpc.ClientConnInterface) CheckServiceClient {
}
func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(CheckResponse)
- err := c.cc.Invoke(ctx, CheckService_Check_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, CheckService_Check_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *checkServiceClient) BatchCheck(ctx context.Context, in *BatchCheckRequest, opts ...grpc.CallOption) (*BatchCheckResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(BatchCheckResponse)
+ err := c.cc.Invoke(ctx, CheckService_BatchCheck_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,9 +68,15 @@ func (c *checkServiceClient) Check(ctx context.Context, in *CheckRequest, opts .
// CheckServiceServer is the server API for CheckService service.
// All implementations should embed UnimplementedCheckServiceServer
// for forward compatibility
+//
+// The service that performs authorization checks
+// based on the stored Access Control Lists.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type CheckServiceServer interface {
// Performs an authorization check.
Check(context.Context, *CheckRequest) (*CheckResponse, error)
+ BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error)
}
// UnimplementedCheckServiceServer should be embedded to have forward compatible implementations.
@@ -62,6 +86,9 @@ type UnimplementedCheckServiceServer struct {
func (UnimplementedCheckServiceServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Check not implemented")
}
+func (UnimplementedCheckServiceServer) BatchCheck(context.Context, *BatchCheckRequest) (*BatchCheckResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method BatchCheck not implemented")
+}
// UnsafeCheckServiceServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to CheckServiceServer will
@@ -92,6 +119,24 @@ func _CheckService_Check_Handler(srv interface{}, ctx context.Context, dec func(
return interceptor(ctx, in, info, handler)
}
+func _CheckService_BatchCheck_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(BatchCheckRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(CheckServiceServer).BatchCheck(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: CheckService_BatchCheck_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(CheckServiceServer).BatchCheck(ctx, req.(*BatchCheckRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
// CheckService_ServiceDesc is the grpc.ServiceDesc for CheckService service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
@@ -103,6 +148,10 @@ var CheckService_ServiceDesc = grpc.ServiceDesc{
MethodName: "Check",
Handler: _CheckService_Check_Handler,
},
+ {
+ MethodName: "BatchCheck",
+ Handler: _CheckService_BatchCheck_Handler,
+ },
},
Streams: []grpc.StreamDesc{},
Metadata: "ory/keto/relation_tuples/v1alpha2/check_service.proto",
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.d.ts b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.d.ts
index c083ad858..8363e60aa 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.d.ts
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.d.ts
@@ -10,6 +10,7 @@ import * as ory_keto_relation_tuples_v1alpha2_relation_tuples_pb from "../../../
interface ICheckServiceService extends grpc.ServiceDefinition {
check: ICheckServiceService_ICheck;
+ batchCheck: ICheckServiceService_IBatchCheck;
}
interface ICheckServiceService_ICheck extends grpc.MethodDefinition {
@@ -21,17 +22,30 @@ interface ICheckServiceService_ICheck extends grpc.MethodDefinition;
responseDeserialize: grpc.deserialize;
}
+interface ICheckServiceService_IBatchCheck extends grpc.MethodDefinition {
+ path: "/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck";
+ requestStream: false;
+ responseStream: false;
+ requestSerialize: grpc.serialize;
+ requestDeserialize: grpc.deserialize;
+ responseSerialize: grpc.serialize;
+ responseDeserialize: grpc.deserialize;
+}
export const CheckServiceService: ICheckServiceService;
export interface ICheckServiceServer extends grpc.UntypedServiceImplementation {
check: grpc.handleUnaryCall;
+ batchCheck: grpc.handleUnaryCall;
}
export interface ICheckServiceClient {
check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, metadata: grpc.Metadata, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, metadata: grpc.Metadata, options: Partial, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
+ batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
+ batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, metadata: grpc.Metadata, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
+ batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, metadata: grpc.Metadata, options: Partial, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
}
export class CheckServiceClient extends grpc.Client implements ICheckServiceClient {
@@ -39,4 +53,7 @@ export class CheckServiceClient extends grpc.Client implements ICheckServiceClie
public check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
public check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, metadata: grpc.Metadata, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
public check(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest, metadata: grpc.Metadata, options: Partial, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckResponse) => void): grpc.ClientUnaryCall;
+ public batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
+ public batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, metadata: grpc.Metadata, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
+ public batchCheck(request: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest, metadata: grpc.Metadata, options: Partial, callback: (error: grpc.ServiceError | null, response: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse) => void): grpc.ClientUnaryCall;
}
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.js
index 57fdbffb3..262b3df36 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service_grpc_pb.js
@@ -5,6 +5,28 @@ var grpc = require('@grpc/grpc-js');
var ory_keto_relation_tuples_v1alpha2_check_service_pb = require('../../../../ory/keto/relation_tuples/v1alpha2/check_service_pb.js');
var ory_keto_relation_tuples_v1alpha2_relation_tuples_pb = require('../../../../ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js');
+function serialize_ory_keto_relation_tuples_v1alpha2_BatchCheckRequest(arg) {
+ if (!(arg instanceof ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest)) {
+ throw new Error('Expected argument of type ory.keto.relation_tuples.v1alpha2.BatchCheckRequest');
+ }
+ return Buffer.from(arg.serializeBinary());
+}
+
+function deserialize_ory_keto_relation_tuples_v1alpha2_BatchCheckRequest(buffer_arg) {
+ return ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest.deserializeBinary(new Uint8Array(buffer_arg));
+}
+
+function serialize_ory_keto_relation_tuples_v1alpha2_BatchCheckResponse(arg) {
+ if (!(arg instanceof ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse)) {
+ throw new Error('Expected argument of type ory.keto.relation_tuples.v1alpha2.BatchCheckResponse');
+ }
+ return Buffer.from(arg.serializeBinary());
+}
+
+function deserialize_ory_keto_relation_tuples_v1alpha2_BatchCheckResponse(buffer_arg) {
+ return ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse.deserializeBinary(new Uint8Array(buffer_arg));
+}
+
function serialize_ory_keto_relation_tuples_v1alpha2_CheckRequest(arg) {
if (!(arg instanceof ory_keto_relation_tuples_v1alpha2_check_service_pb.CheckRequest)) {
throw new Error('Expected argument of type ory.keto.relation_tuples.v1alpha2.CheckRequest');
@@ -45,6 +67,17 @@ check: {
responseSerialize: serialize_ory_keto_relation_tuples_v1alpha2_CheckResponse,
responseDeserialize: deserialize_ory_keto_relation_tuples_v1alpha2_CheckResponse,
},
+ batchCheck: {
+ path: '/ory.keto.relation_tuples.v1alpha2.CheckService/BatchCheck',
+ requestStream: false,
+ responseStream: false,
+ requestType: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckRequest,
+ responseType: ory_keto_relation_tuples_v1alpha2_check_service_pb.BatchCheckResponse,
+ requestSerialize: serialize_ory_keto_relation_tuples_v1alpha2_BatchCheckRequest,
+ requestDeserialize: deserialize_ory_keto_relation_tuples_v1alpha2_BatchCheckRequest,
+ responseSerialize: serialize_ory_keto_relation_tuples_v1alpha2_BatchCheckResponse,
+ responseDeserialize: deserialize_ory_keto_relation_tuples_v1alpha2_BatchCheckResponse,
+ },
};
exports.CheckServiceClient = grpc.makeGenericClientConstructor(CheckServiceService);
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.d.ts b/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.d.ts
index 277e8081a..3d10e3115 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.d.ts
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.d.ts
@@ -76,3 +76,82 @@ export namespace CheckResponse {
snaptoken: string,
}
}
+
+export class CheckResponseWithError extends jspb.Message {
+ getAllowed(): boolean;
+ setAllowed(value: boolean): CheckResponseWithError;
+ getError(): string;
+ setError(value: string): CheckResponseWithError;
+ getSnaptoken(): string;
+ setSnaptoken(value: string): CheckResponseWithError;
+
+ serializeBinary(): Uint8Array;
+ toObject(includeInstance?: boolean): CheckResponseWithError.AsObject;
+ static toObject(includeInstance: boolean, msg: CheckResponseWithError): CheckResponseWithError.AsObject;
+ static extensions: {[key: number]: jspb.ExtensionFieldInfo};
+ static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo};
+ static serializeBinaryToWriter(message: CheckResponseWithError, writer: jspb.BinaryWriter): void;
+ static deserializeBinary(bytes: Uint8Array): CheckResponseWithError;
+ static deserializeBinaryFromReader(message: CheckResponseWithError, reader: jspb.BinaryReader): CheckResponseWithError;
+}
+
+export namespace CheckResponseWithError {
+ export type AsObject = {
+ allowed: boolean,
+ error: string,
+ snaptoken: string,
+ }
+}
+
+export class BatchCheckRequest extends jspb.Message {
+ clearTuplesList(): void;
+ getTuplesList(): Array;
+ setTuplesList(value: Array): BatchCheckRequest;
+ addTuples(value?: ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple, index?: number): ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple;
+ getLatest(): boolean;
+ setLatest(value: boolean): BatchCheckRequest;
+ getSnaptoken(): string;
+ setSnaptoken(value: string): BatchCheckRequest;
+ getMaxDepth(): number;
+ setMaxDepth(value: number): BatchCheckRequest;
+
+ serializeBinary(): Uint8Array;
+ toObject(includeInstance?: boolean): BatchCheckRequest.AsObject;
+ static toObject(includeInstance: boolean, msg: BatchCheckRequest): BatchCheckRequest.AsObject;
+ static extensions: {[key: number]: jspb.ExtensionFieldInfo};
+ static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo};
+ static serializeBinaryToWriter(message: BatchCheckRequest, writer: jspb.BinaryWriter): void;
+ static deserializeBinary(bytes: Uint8Array): BatchCheckRequest;
+ static deserializeBinaryFromReader(message: BatchCheckRequest, reader: jspb.BinaryReader): BatchCheckRequest;
+}
+
+export namespace BatchCheckRequest {
+ export type AsObject = {
+ tuplesList: Array,
+ latest: boolean,
+ snaptoken: string,
+ maxDepth: number,
+ }
+}
+
+export class BatchCheckResponse extends jspb.Message {
+ clearResultsList(): void;
+ getResultsList(): Array;
+ setResultsList(value: Array): BatchCheckResponse;
+ addResults(value?: CheckResponseWithError, index?: number): CheckResponseWithError;
+
+ serializeBinary(): Uint8Array;
+ toObject(includeInstance?: boolean): BatchCheckResponse.AsObject;
+ static toObject(includeInstance: boolean, msg: BatchCheckResponse): BatchCheckResponse.AsObject;
+ static extensions: {[key: number]: jspb.ExtensionFieldInfo};
+ static extensionsBinary: {[key: number]: jspb.ExtensionFieldBinaryInfo};
+ static serializeBinaryToWriter(message: BatchCheckResponse, writer: jspb.BinaryWriter): void;
+ static deserializeBinary(bytes: Uint8Array): BatchCheckResponse;
+ static deserializeBinaryFromReader(message: BatchCheckResponse, reader: jspb.BinaryReader): BatchCheckResponse;
+}
+
+export namespace BatchCheckResponse {
+ export type AsObject = {
+ resultsList: Array,
+ }
+}
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.js
index d1912cc0b..980a04de0 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/check_service_pb.js
@@ -23,8 +23,11 @@ var global =
var ory_keto_relation_tuples_v1alpha2_relation_tuples_pb = require('../../../../ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js');
goog.object.extend(proto, ory_keto_relation_tuples_v1alpha2_relation_tuples_pb);
+goog.exportSymbol('proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest', null, global);
+goog.exportSymbol('proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse', null, global);
goog.exportSymbol('proto.ory.keto.relation_tuples.v1alpha2.CheckRequest', null, global);
goog.exportSymbol('proto.ory.keto.relation_tuples.v1alpha2.CheckResponse', null, global);
+goog.exportSymbol('proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError', null, global);
/**
* Generated by JsPbCodeGenerator.
* @param {Array=} opt_data Optional initial data array, typically from a
@@ -67,6 +70,69 @@ if (goog.DEBUG && !COMPILED) {
*/
proto.ory.keto.relation_tuples.v1alpha2.CheckResponse.displayName = 'proto.ory.keto.relation_tuples.v1alpha2.CheckResponse';
}
+/**
+ * Generated by JsPbCodeGenerator.
+ * @param {Array=} opt_data Optional initial data array, typically from a
+ * server response, or constructed directly in Javascript. The array is used
+ * in place and becomes part of the constructed object. It is not cloned.
+ * If no data is provided, the constructed object will be empty, but still
+ * valid.
+ * @extends {jspb.Message}
+ * @constructor
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError = function(opt_data) {
+ jspb.Message.initialize(this, opt_data, 0, -1, null, null);
+};
+goog.inherits(proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError, jspb.Message);
+if (goog.DEBUG && !COMPILED) {
+ /**
+ * @public
+ * @override
+ */
+ proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.displayName = 'proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError';
+}
+/**
+ * Generated by JsPbCodeGenerator.
+ * @param {Array=} opt_data Optional initial data array, typically from a
+ * server response, or constructed directly in Javascript. The array is used
+ * in place and becomes part of the constructed object. It is not cloned.
+ * If no data is provided, the constructed object will be empty, but still
+ * valid.
+ * @extends {jspb.Message}
+ * @constructor
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest = function(opt_data) {
+ jspb.Message.initialize(this, opt_data, 0, -1, proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.repeatedFields_, null);
+};
+goog.inherits(proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest, jspb.Message);
+if (goog.DEBUG && !COMPILED) {
+ /**
+ * @public
+ * @override
+ */
+ proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.displayName = 'proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest';
+}
+/**
+ * Generated by JsPbCodeGenerator.
+ * @param {Array=} opt_data Optional initial data array, typically from a
+ * server response, or constructed directly in Javascript. The array is used
+ * in place and becomes part of the constructed object. It is not cloned.
+ * If no data is provided, the constructed object will be empty, but still
+ * valid.
+ * @extends {jspb.Message}
+ * @constructor
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse = function(opt_data) {
+ jspb.Message.initialize(this, opt_data, 0, -1, proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.repeatedFields_, null);
+};
+goog.inherits(proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse, jspb.Message);
+if (goog.DEBUG && !COMPILED) {
+ /**
+ * @public
+ * @override
+ */
+ proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.displayName = 'proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse';
+}
@@ -99,14 +165,14 @@ proto.ory.keto.relation_tuples.v1alpha2.CheckRequest.prototype.toObject = functi
*/
proto.ory.keto.relation_tuples.v1alpha2.CheckRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
- subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
- tuple: (f = msg.getTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f),
- latest: jspb.Message.getBooleanFieldWithDefault(msg, 5, false),
- snaptoken: jspb.Message.getFieldWithDefault(msg, 6, ""),
- maxDepth: jspb.Message.getFieldWithDefault(msg, 7, 0)
+namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
+object: jspb.Message.getFieldWithDefault(msg, 2, ""),
+relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
+subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
+tuple: (f = msg.getTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f),
+latest: jspb.Message.getBooleanFieldWithDefault(msg, 5, false),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 6, ""),
+maxDepth: jspb.Message.getFieldWithDefault(msg, 7, 0)
};
if (includeInstance) {
@@ -481,8 +547,8 @@ proto.ory.keto.relation_tuples.v1alpha2.CheckResponse.prototype.toObject = funct
*/
proto.ory.keto.relation_tuples.v1alpha2.CheckResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- allowed: jspb.Message.getBooleanFieldWithDefault(msg, 1, false),
- snaptoken: jspb.Message.getFieldWithDefault(msg, 2, "")
+allowed: jspb.Message.getBooleanFieldWithDefault(msg, 1, false),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 2, "")
};
if (includeInstance) {
@@ -609,4 +675,604 @@ proto.ory.keto.relation_tuples.v1alpha2.CheckResponse.prototype.setSnaptoken = f
};
+
+
+
+if (jspb.Message.GENERATE_TO_OBJECT) {
+/**
+ * Creates an object representation of this proto.
+ * Field names that are reserved in JavaScript and will be renamed to pb_name.
+ * Optional fields that are not set will be set to undefined.
+ * To access a reserved field use, foo.pb_, eg, foo.pb_default.
+ * For the list of reserved names please see:
+ * net/proto2/compiler/js/internal/generator.cc#kKeyword.
+ * @param {boolean=} opt_includeInstance Deprecated. whether to include the
+ * JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @return {!Object}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.toObject = function(opt_includeInstance) {
+ return proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.toObject(opt_includeInstance, this);
+};
+
+
+/**
+ * Static version of the {@see toObject} method.
+ * @param {boolean|undefined} includeInstance Deprecated. Whether to include
+ * the JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} msg The msg instance to transform.
+ * @return {!Object}
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.toObject = function(includeInstance, msg) {
+ var f, obj = {
+allowed: jspb.Message.getBooleanFieldWithDefault(msg, 1, false),
+error: jspb.Message.getFieldWithDefault(msg, 2, ""),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 3, "")
+ };
+
+ if (includeInstance) {
+ obj.$jspbMessageInstance = msg;
+ }
+ return obj;
+};
+}
+
+
+/**
+ * Deserializes binary data (in protobuf wire format).
+ * @param {jspb.ByteSource} bytes The bytes to deserialize.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.deserializeBinary = function(bytes) {
+ var reader = new jspb.BinaryReader(bytes);
+ var msg = new proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError;
+ return proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.deserializeBinaryFromReader(msg, reader);
+};
+
+
+/**
+ * Deserializes binary data (in protobuf wire format) from the
+ * given reader into the given message object.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} msg The message object to deserialize into.
+ * @param {!jspb.BinaryReader} reader The BinaryReader to use.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.deserializeBinaryFromReader = function(msg, reader) {
+ while (reader.nextField()) {
+ if (reader.isEndGroup()) {
+ break;
+ }
+ var field = reader.getFieldNumber();
+ switch (field) {
+ case 1:
+ var value = /** @type {boolean} */ (reader.readBool());
+ msg.setAllowed(value);
+ break;
+ case 2:
+ var value = /** @type {string} */ (reader.readString());
+ msg.setError(value);
+ break;
+ case 3:
+ var value = /** @type {string} */ (reader.readString());
+ msg.setSnaptoken(value);
+ break;
+ default:
+ reader.skipField();
+ break;
+ }
+ }
+ return msg;
+};
+
+
+/**
+ * Serializes the message to binary data (in protobuf wire format).
+ * @return {!Uint8Array}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.serializeBinary = function() {
+ var writer = new jspb.BinaryWriter();
+ proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.serializeBinaryToWriter(this, writer);
+ return writer.getResultBuffer();
+};
+
+
+/**
+ * Serializes the given message to binary data (in protobuf wire
+ * format), writing to the given BinaryWriter.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} message
+ * @param {!jspb.BinaryWriter} writer
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.serializeBinaryToWriter = function(message, writer) {
+ var f = undefined;
+ f = message.getAllowed();
+ if (f) {
+ writer.writeBool(
+ 1,
+ f
+ );
+ }
+ f = message.getError();
+ if (f.length > 0) {
+ writer.writeString(
+ 2,
+ f
+ );
+ }
+ f = message.getSnaptoken();
+ if (f.length > 0) {
+ writer.writeString(
+ 3,
+ f
+ );
+ }
+};
+
+
+/**
+ * optional bool allowed = 1;
+ * @return {boolean}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.getAllowed = function() {
+ return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 1, false));
+};
+
+
+/**
+ * @param {boolean} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.setAllowed = function(value) {
+ return jspb.Message.setProto3BooleanField(this, 1, value);
+};
+
+
+/**
+ * optional string error = 2;
+ * @return {string}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.getError = function() {
+ return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 2, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.setError = function(value) {
+ return jspb.Message.setProto3StringField(this, 2, value);
+};
+
+
+/**
+ * optional string snaptoken = 3;
+ * @return {string}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.getSnaptoken = function() {
+ return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 3, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.prototype.setSnaptoken = function(value) {
+ return jspb.Message.setProto3StringField(this, 3, value);
+};
+
+
+
+/**
+ * List of repeated fields within this message type.
+ * @private {!Array}
+ * @const
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.repeatedFields_ = [1];
+
+
+
+if (jspb.Message.GENERATE_TO_OBJECT) {
+/**
+ * Creates an object representation of this proto.
+ * Field names that are reserved in JavaScript and will be renamed to pb_name.
+ * Optional fields that are not set will be set to undefined.
+ * To access a reserved field use, foo.pb_, eg, foo.pb_default.
+ * For the list of reserved names please see:
+ * net/proto2/compiler/js/internal/generator.cc#kKeyword.
+ * @param {boolean=} opt_includeInstance Deprecated. whether to include the
+ * JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @return {!Object}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.toObject = function(opt_includeInstance) {
+ return proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.toObject(opt_includeInstance, this);
+};
+
+
+/**
+ * Static version of the {@see toObject} method.
+ * @param {boolean|undefined} includeInstance Deprecated. Whether to include
+ * the JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} msg The msg instance to transform.
+ * @return {!Object}
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.toObject = function(includeInstance, msg) {
+ var f, obj = {
+tuplesList: jspb.Message.toObjectList(msg.getTuplesList(),
+ ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject, includeInstance),
+latest: jspb.Message.getBooleanFieldWithDefault(msg, 2, false),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 3, ""),
+maxDepth: jspb.Message.getFieldWithDefault(msg, 4, 0)
+ };
+
+ if (includeInstance) {
+ obj.$jspbMessageInstance = msg;
+ }
+ return obj;
+};
+}
+
+
+/**
+ * Deserializes binary data (in protobuf wire format).
+ * @param {jspb.ByteSource} bytes The bytes to deserialize.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.deserializeBinary = function(bytes) {
+ var reader = new jspb.BinaryReader(bytes);
+ var msg = new proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest;
+ return proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.deserializeBinaryFromReader(msg, reader);
+};
+
+
+/**
+ * Deserializes binary data (in protobuf wire format) from the
+ * given reader into the given message object.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} msg The message object to deserialize into.
+ * @param {!jspb.BinaryReader} reader The BinaryReader to use.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.deserializeBinaryFromReader = function(msg, reader) {
+ while (reader.nextField()) {
+ if (reader.isEndGroup()) {
+ break;
+ }
+ var field = reader.getFieldNumber();
+ switch (field) {
+ case 1:
+ var value = new ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple;
+ reader.readMessage(value,ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.deserializeBinaryFromReader);
+ msg.addTuples(value);
+ break;
+ case 2:
+ var value = /** @type {boolean} */ (reader.readBool());
+ msg.setLatest(value);
+ break;
+ case 3:
+ var value = /** @type {string} */ (reader.readString());
+ msg.setSnaptoken(value);
+ break;
+ case 4:
+ var value = /** @type {number} */ (reader.readInt32());
+ msg.setMaxDepth(value);
+ break;
+ default:
+ reader.skipField();
+ break;
+ }
+ }
+ return msg;
+};
+
+
+/**
+ * Serializes the message to binary data (in protobuf wire format).
+ * @return {!Uint8Array}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.serializeBinary = function() {
+ var writer = new jspb.BinaryWriter();
+ proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.serializeBinaryToWriter(this, writer);
+ return writer.getResultBuffer();
+};
+
+
+/**
+ * Serializes the given message to binary data (in protobuf wire
+ * format), writing to the given BinaryWriter.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} message
+ * @param {!jspb.BinaryWriter} writer
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.serializeBinaryToWriter = function(message, writer) {
+ var f = undefined;
+ f = message.getTuplesList();
+ if (f.length > 0) {
+ writer.writeRepeatedMessage(
+ 1,
+ f,
+ ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.serializeBinaryToWriter
+ );
+ }
+ f = message.getLatest();
+ if (f) {
+ writer.writeBool(
+ 2,
+ f
+ );
+ }
+ f = message.getSnaptoken();
+ if (f.length > 0) {
+ writer.writeString(
+ 3,
+ f
+ );
+ }
+ f = message.getMaxDepth();
+ if (f !== 0) {
+ writer.writeInt32(
+ 4,
+ f
+ );
+ }
+};
+
+
+/**
+ * repeated RelationTuple tuples = 1;
+ * @return {!Array}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.getTuplesList = function() {
+ return /** @type{!Array} */ (
+ jspb.Message.getRepeatedWrapperField(this, ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple, 1));
+};
+
+
+/**
+ * @param {!Array} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} returns this
+*/
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.setTuplesList = function(value) {
+ return jspb.Message.setRepeatedWrapperField(this, 1, value);
+};
+
+
+/**
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.RelationTuple=} opt_value
+ * @param {number=} opt_index
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.RelationTuple}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.addTuples = function(opt_value, opt_index) {
+ return jspb.Message.addToRepeatedWrapperField(this, 1, opt_value, proto.ory.keto.relation_tuples.v1alpha2.RelationTuple, opt_index);
+};
+
+
+/**
+ * Clears the list making it empty but non-null.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.clearTuplesList = function() {
+ return this.setTuplesList([]);
+};
+
+
+/**
+ * optional bool latest = 2;
+ * @return {boolean}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.getLatest = function() {
+ return /** @type {boolean} */ (jspb.Message.getBooleanFieldWithDefault(this, 2, false));
+};
+
+
+/**
+ * @param {boolean} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.setLatest = function(value) {
+ return jspb.Message.setProto3BooleanField(this, 2, value);
+};
+
+
+/**
+ * optional string snaptoken = 3;
+ * @return {string}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.getSnaptoken = function() {
+ return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 3, ""));
+};
+
+
+/**
+ * @param {string} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.setSnaptoken = function(value) {
+ return jspb.Message.setProto3StringField(this, 3, value);
+};
+
+
+/**
+ * optional int32 max_depth = 4;
+ * @return {number}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.getMaxDepth = function() {
+ return /** @type {number} */ (jspb.Message.getFieldWithDefault(this, 4, 0));
+};
+
+
+/**
+ * @param {number} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckRequest.prototype.setMaxDepth = function(value) {
+ return jspb.Message.setProto3IntField(this, 4, value);
+};
+
+
+
+/**
+ * List of repeated fields within this message type.
+ * @private {!Array}
+ * @const
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.repeatedFields_ = [1];
+
+
+
+if (jspb.Message.GENERATE_TO_OBJECT) {
+/**
+ * Creates an object representation of this proto.
+ * Field names that are reserved in JavaScript and will be renamed to pb_name.
+ * Optional fields that are not set will be set to undefined.
+ * To access a reserved field use, foo.pb_, eg, foo.pb_default.
+ * For the list of reserved names please see:
+ * net/proto2/compiler/js/internal/generator.cc#kKeyword.
+ * @param {boolean=} opt_includeInstance Deprecated. whether to include the
+ * JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @return {!Object}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.toObject = function(opt_includeInstance) {
+ return proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.toObject(opt_includeInstance, this);
+};
+
+
+/**
+ * Static version of the {@see toObject} method.
+ * @param {boolean|undefined} includeInstance Deprecated. Whether to include
+ * the JSPB instance for transitional soy proto support:
+ * http://goto/soy-param-migration
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse} msg The msg instance to transform.
+ * @return {!Object}
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.toObject = function(includeInstance, msg) {
+ var f, obj = {
+resultsList: jspb.Message.toObjectList(msg.getResultsList(),
+ proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.toObject, includeInstance)
+ };
+
+ if (includeInstance) {
+ obj.$jspbMessageInstance = msg;
+ }
+ return obj;
+};
+}
+
+
+/**
+ * Deserializes binary data (in protobuf wire format).
+ * @param {jspb.ByteSource} bytes The bytes to deserialize.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.deserializeBinary = function(bytes) {
+ var reader = new jspb.BinaryReader(bytes);
+ var msg = new proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse;
+ return proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.deserializeBinaryFromReader(msg, reader);
+};
+
+
+/**
+ * Deserializes binary data (in protobuf wire format) from the
+ * given reader into the given message object.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse} msg The message object to deserialize into.
+ * @param {!jspb.BinaryReader} reader The BinaryReader to use.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.deserializeBinaryFromReader = function(msg, reader) {
+ while (reader.nextField()) {
+ if (reader.isEndGroup()) {
+ break;
+ }
+ var field = reader.getFieldNumber();
+ switch (field) {
+ case 1:
+ var value = new proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError;
+ reader.readMessage(value,proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.deserializeBinaryFromReader);
+ msg.addResults(value);
+ break;
+ default:
+ reader.skipField();
+ break;
+ }
+ }
+ return msg;
+};
+
+
+/**
+ * Serializes the message to binary data (in protobuf wire format).
+ * @return {!Uint8Array}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.serializeBinary = function() {
+ var writer = new jspb.BinaryWriter();
+ proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.serializeBinaryToWriter(this, writer);
+ return writer.getResultBuffer();
+};
+
+
+/**
+ * Serializes the given message to binary data (in protobuf wire
+ * format), writing to the given BinaryWriter.
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse} message
+ * @param {!jspb.BinaryWriter} writer
+ * @suppress {unusedLocalVariables} f is only used for nested messages
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.serializeBinaryToWriter = function(message, writer) {
+ var f = undefined;
+ f = message.getResultsList();
+ if (f.length > 0) {
+ writer.writeRepeatedMessage(
+ 1,
+ f,
+ proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError.serializeBinaryToWriter
+ );
+ }
+};
+
+
+/**
+ * repeated CheckResponseWithError results = 1;
+ * @return {!Array}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.getResultsList = function() {
+ return /** @type{!Array} */ (
+ jspb.Message.getRepeatedWrapperField(this, proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError, 1));
+};
+
+
+/**
+ * @param {!Array} value
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse} returns this
+*/
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.setResultsList = function(value) {
+ return jspb.Message.setRepeatedWrapperField(this, 1, value);
+};
+
+
+/**
+ * @param {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError=} opt_value
+ * @param {number=} opt_index
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError}
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.addResults = function(opt_value, opt_index) {
+ return jspb.Message.addToRepeatedWrapperField(this, 1, opt_value, proto.ory.keto.relation_tuples.v1alpha2.CheckResponseWithError, opt_index);
+};
+
+
+/**
+ * Clears the list making it empty but non-null.
+ * @return {!proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse} returns this
+ */
+proto.ory.keto.relation_tuples.v1alpha2.BatchCheckResponse.prototype.clearResultsList = function() {
+ return this.setResultsList([]);
+};
+
+
goog.object.extend(exports, proto.ory.keto.relation_tuples.v1alpha2);
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/expand_service.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/expand_service.pb.go
index ed0f49229..937104901 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/expand_service.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/expand_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/expand_service.proto
@@ -394,7 +394,7 @@ func file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_rawDescGZIP() [
var file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
var file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_goTypes = []any{
(NodeType)(0), // 0: ory.keto.relation_tuples.v1alpha2.NodeType
(*ExpandRequest)(nil), // 1: ory.keto.relation_tuples.v1alpha2.ExpandRequest
(*ExpandResponse)(nil), // 2: ory.keto.relation_tuples.v1alpha2.ExpandResponse
@@ -425,7 +425,7 @@ func file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_init() {
}
file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init()
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*ExpandRequest); i {
case 0:
return &v.state
@@ -437,7 +437,7 @@ func file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*ExpandResponse); i {
case 0:
return &v.state
@@ -449,7 +449,7 @@ func file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_expand_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*SubjectTree); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/expand_service_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/expand_service_grpc.pb.go
index 9f8a029d6..d7d5dec95 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/expand_service_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/expand_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/expand_service.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
ExpandService_Expand_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.ExpandService/Expand"
@@ -25,6 +25,11 @@ const (
// ExpandServiceClient is the client API for ExpandService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service that performs subject set expansion
+// based on the stored Access Control Lists.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type ExpandServiceClient interface {
// Expands the subject set into a tree of subjects.
Expand(ctx context.Context, in *ExpandRequest, opts ...grpc.CallOption) (*ExpandResponse, error)
@@ -39,8 +44,9 @@ func NewExpandServiceClient(cc grpc.ClientConnInterface) ExpandServiceClient {
}
func (c *expandServiceClient) Expand(ctx context.Context, in *ExpandRequest, opts ...grpc.CallOption) (*ExpandResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ExpandResponse)
- err := c.cc.Invoke(ctx, ExpandService_Expand_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, ExpandService_Expand_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,6 +56,11 @@ func (c *expandServiceClient) Expand(ctx context.Context, in *ExpandRequest, opt
// ExpandServiceServer is the server API for ExpandService service.
// All implementations should embed UnimplementedExpandServiceServer
// for forward compatibility
+//
+// The service that performs subject set expansion
+// based on the stored Access Control Lists.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type ExpandServiceServer interface {
// Expands the subject set into a tree of subjects.
Expand(context.Context, *ExpandRequest) (*ExpandResponse, error)
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/expand_service_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/expand_service_pb.js
index 36b6412a4..a8723c66a 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/expand_service_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/expand_service_pb.js
@@ -122,9 +122,9 @@ proto.ory.keto.relation_tuples.v1alpha2.ExpandRequest.prototype.toObject = funct
*/
proto.ory.keto.relation_tuples.v1alpha2.ExpandRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
- maxDepth: jspb.Message.getFieldWithDefault(msg, 2, 0),
- snaptoken: jspb.Message.getFieldWithDefault(msg, 3, "")
+subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
+maxDepth: jspb.Message.getFieldWithDefault(msg, 2, 0),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 3, "")
};
if (includeInstance) {
@@ -333,7 +333,7 @@ proto.ory.keto.relation_tuples.v1alpha2.ExpandResponse.prototype.toObject = func
*/
proto.ory.keto.relation_tuples.v1alpha2.ExpandResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- tree: (f = msg.getTree()) && proto.ory.keto.relation_tuples.v1alpha2.SubjectTree.toObject(includeInstance, f)
+tree: (f = msg.getTree()) && proto.ory.keto.relation_tuples.v1alpha2.SubjectTree.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -491,10 +491,10 @@ proto.ory.keto.relation_tuples.v1alpha2.SubjectTree.prototype.toObject = functio
*/
proto.ory.keto.relation_tuples.v1alpha2.SubjectTree.toObject = function(includeInstance, msg) {
var f, obj = {
- nodeType: jspb.Message.getFieldWithDefault(msg, 1, 0),
- subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
- tuple: (f = msg.getTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f),
- childrenList: jspb.Message.toObjectList(msg.getChildrenList(),
+nodeType: jspb.Message.getFieldWithDefault(msg, 1, 0),
+subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f),
+tuple: (f = msg.getTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f),
+childrenList: jspb.Message.toObjectList(msg.getChildrenList(),
proto.ory.keto.relation_tuples.v1alpha2.SubjectTree.toObject, includeInstance)
};
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service.pb.go
index 70cf58a68..63f26619d 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/namespaces_service.proto
@@ -211,7 +211,7 @@ func file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_rawDescGZIP
}
var file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_goTypes = []any{
(*ListNamespacesRequest)(nil), // 0: ory.keto.relation_tuples.v1alpha2.ListNamespacesRequest
(*ListNamespacesResponse)(nil), // 1: ory.keto.relation_tuples.v1alpha2.ListNamespacesResponse
(*Namespace)(nil), // 2: ory.keto.relation_tuples.v1alpha2.Namespace
@@ -233,7 +233,7 @@ func file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_init() {
return
}
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*ListNamespacesRequest); i {
case 0:
return &v.state
@@ -245,7 +245,7 @@ func file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*ListNamespacesResponse); i {
case 0:
return &v.state
@@ -257,7 +257,7 @@ func file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_namespaces_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*Namespace); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_grpc.pb.go
index 53ff9a6f9..4ae30eff8 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/namespaces_service.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
NamespacesService_ListNamespaces_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.NamespacesService/ListNamespaces"
@@ -25,6 +25,10 @@ const (
// NamespacesServiceClient is the client API for NamespacesService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service to query namespaces.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type NamespacesServiceClient interface {
// Lists Namespaces
ListNamespaces(ctx context.Context, in *ListNamespacesRequest, opts ...grpc.CallOption) (*ListNamespacesResponse, error)
@@ -39,8 +43,9 @@ func NewNamespacesServiceClient(cc grpc.ClientConnInterface) NamespacesServiceCl
}
func (c *namespacesServiceClient) ListNamespaces(ctx context.Context, in *ListNamespacesRequest, opts ...grpc.CallOption) (*ListNamespacesResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListNamespacesResponse)
- err := c.cc.Invoke(ctx, NamespacesService_ListNamespaces_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, NamespacesService_ListNamespaces_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,6 +55,10 @@ func (c *namespacesServiceClient) ListNamespaces(ctx context.Context, in *ListNa
// NamespacesServiceServer is the server API for NamespacesService service.
// All implementations should embed UnimplementedNamespacesServiceServer
// for forward compatibility
+//
+// The service to query namespaces.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type NamespacesServiceServer interface {
// Lists Namespaces
ListNamespaces(context.Context, *ListNamespacesRequest) (*ListNamespacesResponse, error)
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_pb.js
index 0d7ed7949..f894d44fc 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/namespaces_service_pb.js
@@ -227,7 +227,7 @@ proto.ory.keto.relation_tuples.v1alpha2.ListNamespacesResponse.prototype.toObjec
*/
proto.ory.keto.relation_tuples.v1alpha2.ListNamespacesResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- namespacesList: jspb.Message.toObjectList(msg.getNamespacesList(),
+namespacesList: jspb.Message.toObjectList(msg.getNamespacesList(),
proto.ory.keto.relation_tuples.v1alpha2.Namespace.toObject, includeInstance)
};
@@ -380,7 +380,7 @@ proto.ory.keto.relation_tuples.v1alpha2.Namespace.prototype.toObject = function(
*/
proto.ory.keto.relation_tuples.v1alpha2.Namespace.toObject = function(includeInstance, msg) {
var f, obj = {
- name: jspb.Message.getFieldWithDefault(msg, 1, "")
+name: jspb.Message.getFieldWithDefault(msg, 1, "")
};
if (includeInstance) {
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/read_service.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/read_service.pb.go
index 87f5f7c8b..26d673394 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/read_service.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/read_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/read_service.proto
@@ -383,7 +383,7 @@ func file_ory_keto_relation_tuples_v1alpha2_read_service_proto_rawDescGZIP() []b
}
var file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes = make([]protoimpl.MessageInfo, 3)
-var file_ory_keto_relation_tuples_v1alpha2_read_service_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_read_service_proto_goTypes = []any{
(*ListRelationTuplesRequest)(nil), // 0: ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest
(*ListRelationTuplesResponse)(nil), // 1: ory.keto.relation_tuples.v1alpha2.ListRelationTuplesResponse
(*ListRelationTuplesRequest_Query)(nil), // 2: ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.Query
@@ -414,7 +414,7 @@ func file_ory_keto_relation_tuples_v1alpha2_read_service_proto_init() {
}
file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init()
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*ListRelationTuplesRequest); i {
case 0:
return &v.state
@@ -426,7 +426,7 @@ func file_ory_keto_relation_tuples_v1alpha2_read_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*ListRelationTuplesResponse); i {
case 0:
return &v.state
@@ -438,7 +438,7 @@ func file_ory_keto_relation_tuples_v1alpha2_read_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_read_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*ListRelationTuplesRequest_Query); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/read_service_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/read_service_grpc.pb.go
index 3fa7b1ffd..10a283cd9 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/read_service_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/read_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/read_service.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
ReadService_ListRelationTuples_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.ReadService/ListRelationTuples"
@@ -25,6 +25,10 @@ const (
// ReadServiceClient is the client API for ReadService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service to query relationships.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type ReadServiceClient interface {
// Lists ACL relationships.
ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error)
@@ -39,8 +43,9 @@ func NewReadServiceClient(cc grpc.ClientConnInterface) ReadServiceClient {
}
func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRelationTuplesRequest, opts ...grpc.CallOption) (*ListRelationTuplesResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(ListRelationTuplesResponse)
- err := c.cc.Invoke(ctx, ReadService_ListRelationTuples_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, ReadService_ListRelationTuples_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,6 +55,10 @@ func (c *readServiceClient) ListRelationTuples(ctx context.Context, in *ListRela
// ReadServiceServer is the server API for ReadService service.
// All implementations should embed UnimplementedReadServiceServer
// for forward compatibility
+//
+// The service to query relationships.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis).
type ReadServiceServer interface {
// Lists ACL relationships.
ListRelationTuples(context.Context, *ListRelationTuplesRequest) (*ListRelationTuplesResponse, error)
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/read_service_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/read_service_pb.js
index 6b06c56b4..ed1243089 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/read_service_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/read_service_pb.js
@@ -123,12 +123,12 @@ proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.prototype.toOb
*/
proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- query: (f = msg.getQuery()) && proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.Query.toObject(includeInstance, f),
- relationQuery: (f = msg.getRelationQuery()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationQuery.toObject(includeInstance, f),
- expandMask: (f = msg.getExpandMask()) && google_protobuf_field_mask_pb.FieldMask.toObject(includeInstance, f),
- snaptoken: jspb.Message.getFieldWithDefault(msg, 3, ""),
- pageSize: jspb.Message.getFieldWithDefault(msg, 4, 0),
- pageToken: jspb.Message.getFieldWithDefault(msg, 5, "")
+query: (f = msg.getQuery()) && proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.Query.toObject(includeInstance, f),
+relationQuery: (f = msg.getRelationQuery()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationQuery.toObject(includeInstance, f),
+expandMask: (f = msg.getExpandMask()) && google_protobuf_field_mask_pb.FieldMask.toObject(includeInstance, f),
+snaptoken: jspb.Message.getFieldWithDefault(msg, 3, ""),
+pageSize: jspb.Message.getFieldWithDefault(msg, 4, 0),
+pageToken: jspb.Message.getFieldWithDefault(msg, 5, "")
};
if (includeInstance) {
@@ -301,10 +301,10 @@ proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.Query.prototyp
*/
proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesRequest.Query.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
- subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f)
+namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
+object: jspb.Message.getFieldWithDefault(msg, 2, ""),
+relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
+subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -714,9 +714,9 @@ proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesResponse.prototype.toO
*/
proto.ory.keto.relation_tuples.v1alpha2.ListRelationTuplesResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- relationTuplesList: jspb.Message.toObjectList(msg.getRelationTuplesList(),
+relationTuplesList: jspb.Message.toObjectList(msg.getRelationTuplesList(),
ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject, includeInstance),
- nextPageToken: jspb.Message.getFieldWithDefault(msg, 2, "")
+nextPageToken: jspb.Message.getFieldWithDefault(msg, 2, "")
};
if (includeInstance) {
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples.pb.go
index a10eb10e8..ebb8612a9 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/relation_tuples.proto
@@ -419,7 +419,7 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_rawDescGZIP()
}
var file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
-var file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_goTypes = []any{
(*RelationTuple)(nil), // 0: ory.keto.relation_tuples.v1alpha2.RelationTuple
(*RelationQuery)(nil), // 1: ory.keto.relation_tuples.v1alpha2.RelationQuery
(*Subject)(nil), // 2: ory.keto.relation_tuples.v1alpha2.Subject
@@ -442,7 +442,7 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init() {
return
}
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*RelationTuple); i {
case 0:
return &v.state
@@ -454,7 +454,7 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*RelationQuery); i {
case 0:
return &v.state
@@ -466,7 +466,7 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*Subject); i {
case 0:
return &v.state
@@ -478,7 +478,7 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[3].Exporter = func(v any, i int) any {
switch v := v.(*SubjectSet); i {
case 0:
return &v.state
@@ -491,8 +491,8 @@ func file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init() {
}
}
}
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[1].OneofWrappers = []interface{}{}
- file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[2].OneofWrappers = []interface{}{
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[1].OneofWrappers = []any{}
+ file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_msgTypes[2].OneofWrappers = []any{
(*Subject_Id)(nil),
(*Subject_Set)(nil),
}
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js
index feb5a1a5a..db07521f2 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/relation_tuples_pb.js
@@ -142,10 +142,10 @@ proto.ory.keto.relation_tuples.v1alpha2.RelationTuple.prototype.toObject = funct
*/
proto.ory.keto.relation_tuples.v1alpha2.RelationTuple.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
- subject: (f = msg.getSubject()) && proto.ory.keto.relation_tuples.v1alpha2.Subject.toObject(includeInstance, f)
+namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
+object: jspb.Message.getFieldWithDefault(msg, 2, ""),
+relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
+subject: (f = msg.getSubject()) && proto.ory.keto.relation_tuples.v1alpha2.Subject.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -383,10 +383,10 @@ proto.ory.keto.relation_tuples.v1alpha2.RelationQuery.prototype.toObject = funct
*/
proto.ory.keto.relation_tuples.v1alpha2.RelationQuery.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
- subject: (f = msg.getSubject()) && proto.ory.keto.relation_tuples.v1alpha2.Subject.toObject(includeInstance, f)
+namespace: (f = jspb.Message.getField(msg, 1)) == null ? undefined : f,
+object: (f = jspb.Message.getField(msg, 2)) == null ? undefined : f,
+relation: (f = jspb.Message.getField(msg, 3)) == null ? undefined : f,
+subject: (f = msg.getSubject()) && proto.ory.keto.relation_tuples.v1alpha2.Subject.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -704,8 +704,8 @@ proto.ory.keto.relation_tuples.v1alpha2.Subject.prototype.toObject = function(op
*/
proto.ory.keto.relation_tuples.v1alpha2.Subject.toObject = function(includeInstance, msg) {
var f, obj = {
- id: jspb.Message.getFieldWithDefault(msg, 1, ""),
- set: (f = msg.getSet()) && proto.ory.keto.relation_tuples.v1alpha2.SubjectSet.toObject(includeInstance, f)
+id: (f = jspb.Message.getField(msg, 1)) == null ? undefined : f,
+set: (f = msg.getSet()) && proto.ory.keto.relation_tuples.v1alpha2.SubjectSet.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -903,9 +903,9 @@ proto.ory.keto.relation_tuples.v1alpha2.SubjectSet.prototype.toObject = function
*/
proto.ory.keto.relation_tuples.v1alpha2.SubjectSet.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, "")
+namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
+object: jspb.Message.getFieldWithDefault(msg, 2, ""),
+relation: jspb.Message.getFieldWithDefault(msg, 3, "")
};
if (includeInstance) {
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/version.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/version.pb.go
index 4db5257db..390766ee1 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/version.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/version.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/version.proto
@@ -158,7 +158,7 @@ func file_ory_keto_relation_tuples_v1alpha2_version_proto_rawDescGZIP() []byte {
}
var file_ory_keto_relation_tuples_v1alpha2_version_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
-var file_ory_keto_relation_tuples_v1alpha2_version_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_version_proto_goTypes = []any{
(*GetVersionRequest)(nil), // 0: ory.keto.relation_tuples.v1alpha2.GetVersionRequest
(*GetVersionResponse)(nil), // 1: ory.keto.relation_tuples.v1alpha2.GetVersionResponse
}
@@ -178,7 +178,7 @@ func file_ory_keto_relation_tuples_v1alpha2_version_proto_init() {
return
}
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_version_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_version_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*GetVersionRequest); i {
case 0:
return &v.state
@@ -190,7 +190,7 @@ func file_ory_keto_relation_tuples_v1alpha2_version_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_version_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_version_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*GetVersionResponse); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/version_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/version_grpc.pb.go
index 7bc495a87..5cdbde811 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/version_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/version_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/version.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
VersionService_GetVersion_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.VersionService/GetVersion"
@@ -25,6 +25,10 @@ const (
// VersionServiceClient is the client API for VersionService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The service returning the specific Ory Keto instance version.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis) and [write-APIs](../concepts/25_api-overview.mdx#write-apis).
type VersionServiceClient interface {
// Returns the version of the Ory Keto instance.
GetVersion(ctx context.Context, in *GetVersionRequest, opts ...grpc.CallOption) (*GetVersionResponse, error)
@@ -39,8 +43,9 @@ func NewVersionServiceClient(cc grpc.ClientConnInterface) VersionServiceClient {
}
func (c *versionServiceClient) GetVersion(ctx context.Context, in *GetVersionRequest, opts ...grpc.CallOption) (*GetVersionResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(GetVersionResponse)
- err := c.cc.Invoke(ctx, VersionService_GetVersion_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, VersionService_GetVersion_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -50,6 +55,10 @@ func (c *versionServiceClient) GetVersion(ctx context.Context, in *GetVersionReq
// VersionServiceServer is the server API for VersionService service.
// All implementations should embed UnimplementedVersionServiceServer
// for forward compatibility
+//
+// The service returning the specific Ory Keto instance version.
+//
+// This service is part of the [read-APIs](../concepts/25_api-overview.mdx#read-apis) and [write-APIs](../concepts/25_api-overview.mdx#write-apis).
type VersionServiceServer interface {
// Returns the version of the Ory Keto instance.
GetVersion(context.Context, *GetVersionRequest) (*GetVersionResponse, error)
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/version_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/version_pb.js
index 827707b8d..f65059cd1 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/version_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/version_pb.js
@@ -198,7 +198,7 @@ proto.ory.keto.relation_tuples.v1alpha2.GetVersionResponse.prototype.toObject =
*/
proto.ory.keto.relation_tuples.v1alpha2.GetVersionResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- version: jspb.Message.getFieldWithDefault(msg, 1, "")
+version: jspb.Message.getFieldWithDefault(msg, 1, "")
};
if (includeInstance) {
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/write_service.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/write_service.pb.go
index b66e1fb6f..8fd570210 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/write_service.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/write_service.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
-// protoc-gen-go v1.32.0
+// protoc-gen-go v1.34.2
// protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/write_service.proto
@@ -530,7 +530,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_rawDescGZIP() []
var file_ory_keto_relation_tuples_v1alpha2_write_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
var file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
-var file_ory_keto_relation_tuples_v1alpha2_write_service_proto_goTypes = []interface{}{
+var file_ory_keto_relation_tuples_v1alpha2_write_service_proto_goTypes = []any{
(RelationTupleDelta_Action)(0), // 0: ory.keto.relation_tuples.v1alpha2.RelationTupleDelta.Action
(*TransactRelationTuplesRequest)(nil), // 1: ory.keto.relation_tuples.v1alpha2.TransactRelationTuplesRequest
(*RelationTupleDelta)(nil), // 2: ory.keto.relation_tuples.v1alpha2.RelationTupleDelta
@@ -567,7 +567,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
}
file_ory_keto_relation_tuples_v1alpha2_relation_tuples_proto_init()
if !protoimpl.UnsafeEnabled {
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[0].Exporter = func(v any, i int) any {
switch v := v.(*TransactRelationTuplesRequest); i {
case 0:
return &v.state
@@ -579,7 +579,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[1].Exporter = func(v any, i int) any {
switch v := v.(*RelationTupleDelta); i {
case 0:
return &v.state
@@ -591,7 +591,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[2].Exporter = func(v any, i int) any {
switch v := v.(*TransactRelationTuplesResponse); i {
case 0:
return &v.state
@@ -603,7 +603,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[3].Exporter = func(v any, i int) any {
switch v := v.(*DeleteRelationTuplesRequest); i {
case 0:
return &v.state
@@ -615,7 +615,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[4].Exporter = func(v any, i int) any {
switch v := v.(*DeleteRelationTuplesResponse); i {
case 0:
return &v.state
@@ -627,7 +627,7 @@ func file_ory_keto_relation_tuples_v1alpha2_write_service_proto_init() {
return nil
}
}
- file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
+ file_ory_keto_relation_tuples_v1alpha2_write_service_proto_msgTypes[5].Exporter = func(v any, i int) any {
switch v := v.(*DeleteRelationTuplesRequest_Query); i {
case 0:
return &v.state
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/write_service_grpc.pb.go b/proto/ory/keto/relation_tuples/v1alpha2/write_service_grpc.pb.go
index 6e6e95a19..57c8f23b6 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/write_service_grpc.pb.go
+++ b/proto/ory/keto/relation_tuples/v1alpha2/write_service_grpc.pb.go
@@ -1,6 +1,6 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
-// - protoc-gen-go-grpc v1.3.0
+// - protoc-gen-go-grpc v1.4.0
// - protoc (unknown)
// source: ory/keto/relation_tuples/v1alpha2/write_service.proto
@@ -15,8 +15,8 @@ import (
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
-// Requires gRPC-Go v1.32.0 or later.
-const _ = grpc.SupportPackageIsVersion7
+// Requires gRPC-Go v1.62.0 or later.
+const _ = grpc.SupportPackageIsVersion8
const (
WriteService_TransactRelationTuples_FullMethodName = "/ory.keto.relation_tuples.v1alpha2.WriteService/TransactRelationTuples"
@@ -26,6 +26,10 @@ const (
// WriteServiceClient is the client API for WriteService service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// The write service to create and delete Access Control Lists.
+//
+// This service is part of the [write-APIs](../concepts/25_api-overview.mdx#write-apis).
type WriteServiceClient interface {
// Writes one or more relationships in a single transaction.
TransactRelationTuples(ctx context.Context, in *TransactRelationTuplesRequest, opts ...grpc.CallOption) (*TransactRelationTuplesResponse, error)
@@ -42,8 +46,9 @@ func NewWriteServiceClient(cc grpc.ClientConnInterface) WriteServiceClient {
}
func (c *writeServiceClient) TransactRelationTuples(ctx context.Context, in *TransactRelationTuplesRequest, opts ...grpc.CallOption) (*TransactRelationTuplesResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(TransactRelationTuplesResponse)
- err := c.cc.Invoke(ctx, WriteService_TransactRelationTuples_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, WriteService_TransactRelationTuples_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -51,8 +56,9 @@ func (c *writeServiceClient) TransactRelationTuples(ctx context.Context, in *Tra
}
func (c *writeServiceClient) DeleteRelationTuples(ctx context.Context, in *DeleteRelationTuplesRequest, opts ...grpc.CallOption) (*DeleteRelationTuplesResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(DeleteRelationTuplesResponse)
- err := c.cc.Invoke(ctx, WriteService_DeleteRelationTuples_FullMethodName, in, out, opts...)
+ err := c.cc.Invoke(ctx, WriteService_DeleteRelationTuples_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
@@ -62,6 +68,10 @@ func (c *writeServiceClient) DeleteRelationTuples(ctx context.Context, in *Delet
// WriteServiceServer is the server API for WriteService service.
// All implementations should embed UnimplementedWriteServiceServer
// for forward compatibility
+//
+// The write service to create and delete Access Control Lists.
+//
+// This service is part of the [write-APIs](../concepts/25_api-overview.mdx#write-apis).
type WriteServiceServer interface {
// Writes one or more relationships in a single transaction.
TransactRelationTuples(context.Context, *TransactRelationTuplesRequest) (*TransactRelationTuplesResponse, error)
diff --git a/proto/ory/keto/relation_tuples/v1alpha2/write_service_pb.js b/proto/ory/keto/relation_tuples/v1alpha2/write_service_pb.js
index 0d7dd3426..247e8c2ae 100644
--- a/proto/ory/keto/relation_tuples/v1alpha2/write_service_pb.js
+++ b/proto/ory/keto/relation_tuples/v1alpha2/write_service_pb.js
@@ -195,7 +195,7 @@ proto.ory.keto.relation_tuples.v1alpha2.TransactRelationTuplesRequest.prototype.
*/
proto.ory.keto.relation_tuples.v1alpha2.TransactRelationTuplesRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- relationTupleDeltasList: jspb.Message.toObjectList(msg.getRelationTupleDeltasList(),
+relationTupleDeltasList: jspb.Message.toObjectList(msg.getRelationTupleDeltasList(),
proto.ory.keto.relation_tuples.v1alpha2.RelationTupleDelta.toObject, includeInstance)
};
@@ -348,8 +348,8 @@ proto.ory.keto.relation_tuples.v1alpha2.RelationTupleDelta.prototype.toObject =
*/
proto.ory.keto.relation_tuples.v1alpha2.RelationTupleDelta.toObject = function(includeInstance, msg) {
var f, obj = {
- action: jspb.Message.getFieldWithDefault(msg, 1, 0),
- relationTuple: (f = msg.getRelationTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f)
+action: jspb.Message.getFieldWithDefault(msg, 1, 0),
+relationTuple: (f = msg.getRelationTuple()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationTuple.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -545,7 +545,7 @@ proto.ory.keto.relation_tuples.v1alpha2.TransactRelationTuplesResponse.prototype
*/
proto.ory.keto.relation_tuples.v1alpha2.TransactRelationTuplesResponse.toObject = function(includeInstance, msg) {
var f, obj = {
- snaptokensList: (f = jspb.Message.getRepeatedField(msg, 1)) == null ? undefined : f
+snaptokensList: (f = jspb.Message.getRepeatedField(msg, 1)) == null ? undefined : f
};
if (includeInstance) {
@@ -694,8 +694,8 @@ proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.prototype.to
*/
proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.toObject = function(includeInstance, msg) {
var f, obj = {
- query: (f = msg.getQuery()) && proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.Query.toObject(includeInstance, f),
- relationQuery: (f = msg.getRelationQuery()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationQuery.toObject(includeInstance, f)
+query: (f = msg.getQuery()) && proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.Query.toObject(includeInstance, f),
+relationQuery: (f = msg.getRelationQuery()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.RelationQuery.toObject(includeInstance, f)
};
if (includeInstance) {
@@ -822,10 +822,10 @@ proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.Query.protot
*/
proto.ory.keto.relation_tuples.v1alpha2.DeleteRelationTuplesRequest.Query.toObject = function(includeInstance, msg) {
var f, obj = {
- namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
- object: jspb.Message.getFieldWithDefault(msg, 2, ""),
- relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
- subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f)
+namespace: jspb.Message.getFieldWithDefault(msg, 1, ""),
+object: jspb.Message.getFieldWithDefault(msg, 2, ""),
+relation: jspb.Message.getFieldWithDefault(msg, 3, ""),
+subject: (f = msg.getSubject()) && ory_keto_relation_tuples_v1alpha2_relation_tuples_pb.Subject.toObject(includeInstance, f)
};
if (includeInstance) {
diff --git a/spec/api.json b/spec/api.json
index d6a2e4740..4e4391630 100755
--- a/spec/api.json
+++ b/spec/api.json
@@ -38,6 +38,32 @@
"format": "uuid4",
"type": "string"
},
+ "batchCheckPermissionBody": {
+ "description": "Batch Check Permission Body",
+ "properties": {
+ "tuples": {
+ "items": {
+ "$ref": "#/components/schemas/relationship"
+ },
+ "type": "array"
+ }
+ },
+ "type": "object"
+ },
+ "batchCheckPermissionResult": {
+ "description": "Batch Check Permission Result",
+ "properties": {
+ "results": {
+ "description": "An array of check results. The order aligns with the input order.",
+ "items": {
+ "$ref": "#/components/schemas/checkPermissionResultWithError"
+ },
+ "type": "array"
+ }
+ },
+ "required": ["results"],
+ "type": "object"
+ },
"checkOplSyntaxBody": {
"description": "Ory Permission Language Document",
"type": "string"
@@ -67,6 +93,21 @@
"title": "Check Permission Result",
"type": "object"
},
+ "checkPermissionResultWithError": {
+ "description": "Check Permission Result With Error",
+ "properties": {
+ "allowed": {
+ "description": "whether the relation tuple is allowed",
+ "type": "boolean"
+ },
+ "error": {
+ "description": "any error generated while checking the relation tuple",
+ "type": "string"
+ }
+ },
+ "required": ["allowed"],
+ "type": "object"
+ },
"createRelationshipBody": {
"description": "Create Relationship Request Body",
"properties": {
@@ -878,6 +919,66 @@
"tags": ["relationship"]
}
},
+ "/relation-tuples/batch/check": {
+ "post": {
+ "description": "To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).",
+ "operationId": "batchCheckPermission",
+ "parameters": [
+ {
+ "in": "query",
+ "name": "max-depth",
+ "schema": {
+ "format": "int64",
+ "type": "integer"
+ }
+ }
+ ],
+ "requestBody": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/batchCheckPermissionBody"
+ }
+ }
+ },
+ "x-originalParamName": "Body"
+ },
+ "responses": {
+ "200": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/batchCheckPermissionResult"
+ }
+ }
+ },
+ "description": "batchCheckPermissionResult"
+ },
+ "400": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/errorGeneric"
+ }
+ }
+ },
+ "description": "errorGeneric"
+ },
+ "default": {
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/errorGeneric"
+ }
+ }
+ },
+ "description": "errorGeneric"
+ }
+ },
+ "summary": "Batch check permissions",
+ "tags": ["permission"]
+ }
+ },
"/relation-tuples/check": {
"get": {
"description": "To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).",
diff --git a/spec/swagger.json b/spec/swagger.json
index ab82fbd4e..a805b7576 100755
--- a/spec/swagger.json
+++ b/spec/swagger.json
@@ -375,6 +375,52 @@
}
}
},
+ "/relation-tuples/batch/check": {
+ "post": {
+ "description": "To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).",
+ "consumes": ["application/json"],
+ "produces": ["application/json"],
+ "schemes": ["http", "https"],
+ "tags": ["permission"],
+ "summary": "Batch check permissions",
+ "operationId": "batchCheckPermission",
+ "parameters": [
+ {
+ "type": "integer",
+ "format": "int64",
+ "name": "max-depth",
+ "in": "query"
+ },
+ {
+ "name": "Body",
+ "in": "body",
+ "schema": {
+ "$ref": "#/definitions/batchCheckPermissionBody"
+ }
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "batchCheckPermissionResult",
+ "schema": {
+ "$ref": "#/definitions/batchCheckPermissionResult"
+ }
+ },
+ "400": {
+ "description": "errorGeneric",
+ "schema": {
+ "$ref": "#/definitions/errorGeneric"
+ }
+ },
+ "default": {
+ "description": "errorGeneric",
+ "schema": {
+ "$ref": "#/definitions/errorGeneric"
+ }
+ }
+ }
+ }
+ },
"/relation-tuples/check": {
"get": {
"description": "To learn how relationship tuples and the check works, head over to [the documentation](https://www.ory.sh/docs/keto/concepts/api-overview).",
@@ -750,6 +796,32 @@
}
}
},
+ "batchCheckPermissionBody": {
+ "description": "Batch Check Permission Body",
+ "type": "object",
+ "properties": {
+ "tuples": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/relationship"
+ }
+ }
+ }
+ },
+ "batchCheckPermissionResult": {
+ "description": "Batch Check Permission Result",
+ "type": "object",
+ "required": ["results"],
+ "properties": {
+ "results": {
+ "description": "An array of check results. The order aligns with the input order.",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/checkPermissionResultWithError"
+ }
+ }
+ }
+ },
"checkOplSyntaxBody": {
"description": "Ory Permission Language Document",
"type": "string"
@@ -779,6 +851,21 @@
}
}
},
+ "checkPermissionResultWithError": {
+ "description": "Check Permission Result With Error",
+ "type": "object",
+ "required": ["allowed"],
+ "properties": {
+ "allowed": {
+ "description": "whether the relation tuple is allowed",
+ "type": "boolean"
+ },
+ "error": {
+ "description": "any error generated while checking the relation tuple",
+ "type": "string"
+ }
+ }
+ },
"createRelationshipBody": {
"description": "Create Relationship Request Body",
"type": "object",