diff --git a/docs/grpc/index.html b/docs/grpc/index.html index c7ce2094d7..e3bba4113a 100644 --- a/docs/grpc/index.html +++ b/docs/grpc/index.html @@ -1000,6 +1000,22 @@

Table of Contents

MGetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry +
  • + MGetEntitleableAttributesByFqnsRequest +
  • + +
  • + MGetEntitleableAttributesByFqnsResponse +
  • + +
  • + MGetEntitleableAttributesByFqnsResponse.EntitleableAttribute +
  • + +
  • + MGetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry +
  • +
  • MGetKeyMappingsByFqnsRequest
  • @@ -9099,6 +9115,145 @@

    GetEntitleableAttributesByFqnsRequest

    +

    Entitleable Attributes By FQNs (server-side decisioning path)

    Narrow read API for Auth Service / Access PDP entitlement resolution. Given

    attribute value FQNs, returns the attribute rule, the value identity, the

    ordered definition value FQNs (for hierarchy rule logic), and the subject

    mappings needed to resolve entitlements. It does not return KAS keys, grants,

    resource mappings, obligations, or metadata.

    + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    fqnsstringrepeated

    Required +Fully Qualified Names of attribute values (i.e. https://<namespace>/attr/<attribute_name>/value/<value_name>), normalized to lower case.

    + + + + + +

    GetEntitleableAttributesByFqnsResponse

    +

    + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    fqn_entitleable_attributesGetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntryrepeated

    map of FQNs to their entitleable attribute information, for O(1) lookup

    + + + + + +

    GetEntitleableAttributesByFqnsResponse.EntitleableAttribute

    +

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    fqnstring

    the attribute value FQN this entry is for

    attribute_fqnstring

    the parent attribute definition FQN

    rulepolicy.AttributeRuleTypeEnum

    the attribute rule, which drives rule logic during decisioning

    value_idstring

    identity of the attribute value

    definition_value_fqnsstringrepeated

    the definition's value FQNs in order, used for hierarchy rule expansion

    subject_mappingspolicy.SubjectMappingrepeated

    subject mappings used to resolve entitlements for this value

    + + + + + +

    GetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry

    +

    + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeLabelDescription
    keystring

    valueGetEntitleableAttributesByFqnsResponse.EntitleableAttribute

    + + + + +

    GetKeyMappingsByFqnsRequest

    Key Mappings By FQNs (client-side key split path)

    Narrow read API for the client-side encrypt flow. Given attribute value FQNs,

    returns only the information needed to build key splits: the governing

    attribute rule and the effective KAS keys resolved server-side. It does not

    return subject mappings, resource mappings, obligations, sibling values, or

    metadata. Prefer this over GetAttributeValuesByFqns when building splits.

    @@ -9844,6 +9999,15 @@

    AttributesService

    requested attribute value FQNs, for client-side key split construction.

    + + GetEntitleableAttributesByFqns + GetEntitleableAttributesByFqnsRequest + GetEntitleableAttributesByFqnsResponse +

    Returns only entitlement-relevant information (rule, value identity, ordered +definition values, and subject mappings) for the requested attribute value +FQNs, for server-side decisioning / entitlement resolution.

    + + CreateAttribute CreateAttributeRequest @@ -10033,6 +10197,11 @@

    Methods with idempotency_level option

    NO_SIDE_EFFECTS

    + + GetEntitleableAttributesByFqns +

    NO_SIDE_EFFECTS

    + + GetAttributeValue

    NO_SIDE_EFFECTS

    diff --git a/docs/openapi/policy/attributes/attributes.openapi.yaml b/docs/openapi/policy/attributes/attributes.openapi.yaml index 1e8b235458..f09330272e 100644 --- a/docs/openapi/policy/attributes/attributes.openapi.yaml +++ b/docs/openapi/policy/attributes/attributes.openapi.yaml @@ -188,6 +188,45 @@ paths: application/json: schema: $ref: '#/components/schemas/policy.attributes.GetKeyMappingsByFqnsResponse' + /policy.attributes.AttributesService/GetEntitleableAttributesByFqns: + post: + tags: + - policy.attributes.AttributesService + summary: GetEntitleableAttributesByFqns + description: |- + Returns only entitlement-relevant information (rule, value identity, ordered + definition values, and subject mappings) for the requested attribute value + FQNs, for server-side decisioning / entitlement resolution. + operationId: policy.attributes.AttributesService.GetEntitleableAttributesByFqns + parameters: + - name: Connect-Protocol-Version + in: header + required: true + schema: + $ref: '#/components/schemas/connect-protocol-version' + - name: Connect-Timeout-Ms + in: header + schema: + $ref: '#/components/schemas/connect-timeout-header' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.GetEntitleableAttributesByFqnsRequest' + required: true + responses: + default: + description: Error + content: + application/json: + schema: + $ref: '#/components/schemas/connect.error' + "200": + description: Success + content: + application/json: + schema: + $ref: '#/components/schemas/policy.attributes.GetEntitleableAttributesByFqnsResponse' /policy.attributes.AttributesService/CreateAttribute: post: tags: @@ -2178,6 +2217,87 @@ components: $ref: '#/components/schemas/policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue' title: FqnAttributeValuesEntry additionalProperties: false + policy.attributes.GetEntitleableAttributesByFqnsRequest: + type: object + properties: + fqns: + type: array + items: + type: string + maxItems: 250 + minItems: 1 + title: fqns + maxItems: 250 + minItems: 1 + description: |- + Required + Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. + title: GetEntitleableAttributesByFqnsRequest + additionalProperties: false + description: |- + Entitleable Attributes By FQNs (server-side decisioning path) + + Narrow read API for Auth Service / Access PDP entitlement resolution. Given + attribute value FQNs, returns the attribute rule, the value identity, the + ordered definition value FQNs (for hierarchy rule logic), and the subject + mappings needed to resolve entitlements. It does not return KAS keys, grants, + resource mappings, obligations, or metadata. + policy.attributes.GetEntitleableAttributesByFqnsResponse: + type: object + properties: + fqnEntitleableAttributes: + type: object + title: fqn_entitleable_attributes + additionalProperties: + title: value + $ref: '#/components/schemas/policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute' + description: map of FQNs to their entitleable attribute information, for O(1) lookup + title: GetEntitleableAttributesByFqnsResponse + additionalProperties: false + policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute: + type: object + properties: + fqn: + type: string + title: fqn + description: the attribute value FQN this entry is for + attributeFqn: + type: string + title: attribute_fqn + description: the parent attribute definition FQN + rule: + title: rule + description: the attribute rule, which drives rule logic during decisioning + $ref: '#/components/schemas/policy.AttributeRuleTypeEnum' + valueId: + type: string + title: value_id + description: identity of the attribute value + definitionValueFqns: + type: array + items: + type: string + title: definition_value_fqns + description: the definition's value FQNs in order, used for hierarchy rule expansion + subjectMappings: + type: array + items: + $ref: '#/components/schemas/policy.SubjectMapping' + title: subject_mappings + description: subject mappings used to resolve entitlements for this value + title: EntitleableAttribute + additionalProperties: false + policy.attributes.GetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry: + type: object + properties: + key: + type: string + title: key + value: + title: value + $ref: '#/components/schemas/policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute' + title: FqnEntitleableAttributesEntry + additionalProperties: false policy.attributes.GetKeyMappingsByFqnsRequest: type: object properties: diff --git a/protocol/go/policy/attributes/attributes.pb.go b/protocol/go/policy/attributes/attributes.pb.go index 836c53aafa..84960e6a51 100644 --- a/protocol/go/policy/attributes/attributes.pb.go +++ b/protocol/go/policy/attributes/attributes.pb.go @@ -1877,6 +1877,110 @@ func (x *GetKeyMappingsByFqnsResponse) GetFqnKeyMappings() map[string]*GetKeyMap return nil } +// Entitleable Attributes By FQNs (server-side decisioning path) +// +// Narrow read API for Auth Service / Access PDP entitlement resolution. Given +// attribute value FQNs, returns the attribute rule, the value identity, the +// ordered definition value FQNs (for hierarchy rule logic), and the subject +// mappings needed to resolve entitlements. It does not return KAS keys, grants, +// resource mappings, obligations, or metadata. +type GetEntitleableAttributesByFqnsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + // Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. + Fqns []string `protobuf:"bytes,1,rep,name=fqns,proto3" json:"fqns,omitempty"` +} + +func (x *GetEntitleableAttributesByFqnsRequest) Reset() { + *x = GetEntitleableAttributesByFqnsRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_attributes_attributes_proto_msgTypes[30] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetEntitleableAttributesByFqnsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetEntitleableAttributesByFqnsRequest) ProtoMessage() {} + +func (x *GetEntitleableAttributesByFqnsRequest) ProtoReflect() protoreflect.Message { + mi := &file_policy_attributes_attributes_proto_msgTypes[30] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetEntitleableAttributesByFqnsRequest.ProtoReflect.Descriptor instead. +func (*GetEntitleableAttributesByFqnsRequest) Descriptor() ([]byte, []int) { + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{30} +} + +func (x *GetEntitleableAttributesByFqnsRequest) GetFqns() []string { + if x != nil { + return x.Fqns + } + return nil +} + +type GetEntitleableAttributesByFqnsResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // map of FQNs to their entitleable attribute information, for O(1) lookup + FqnEntitleableAttributes map[string]*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute `protobuf:"bytes,1,rep,name=fqn_entitleable_attributes,json=fqnEntitleableAttributes,proto3" json:"fqn_entitleable_attributes,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *GetEntitleableAttributesByFqnsResponse) Reset() { + *x = GetEntitleableAttributesByFqnsResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_attributes_attributes_proto_msgTypes[31] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetEntitleableAttributesByFqnsResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetEntitleableAttributesByFqnsResponse) ProtoMessage() {} + +func (x *GetEntitleableAttributesByFqnsResponse) ProtoReflect() protoreflect.Message { + mi := &file_policy_attributes_attributes_proto_msgTypes[31] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetEntitleableAttributesByFqnsResponse.ProtoReflect.Descriptor instead. +func (*GetEntitleableAttributesByFqnsResponse) Descriptor() ([]byte, []int) { + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{31} +} + +func (x *GetEntitleableAttributesByFqnsResponse) GetFqnEntitleableAttributes() map[string]*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute { + if x != nil { + return x.FqnEntitleableAttributes + } + return nil +} + // Deprecated: utilize AssignPublicKeyToAttributeRequest // // Deprecated: Marked as deprecated in policy/attributes/attributes.proto. @@ -1892,7 +1996,7 @@ type AssignKeyAccessServerToAttributeRequest struct { func (x *AssignKeyAccessServerToAttributeRequest) Reset() { *x = AssignKeyAccessServerToAttributeRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[30] + mi := &file_policy_attributes_attributes_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1905,7 +2009,7 @@ func (x *AssignKeyAccessServerToAttributeRequest) String() string { func (*AssignKeyAccessServerToAttributeRequest) ProtoMessage() {} func (x *AssignKeyAccessServerToAttributeRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[30] + mi := &file_policy_attributes_attributes_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1918,7 +2022,7 @@ func (x *AssignKeyAccessServerToAttributeRequest) ProtoReflect() protoreflect.Me // Deprecated: Use AssignKeyAccessServerToAttributeRequest.ProtoReflect.Descriptor instead. func (*AssignKeyAccessServerToAttributeRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{30} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{32} } func (x *AssignKeyAccessServerToAttributeRequest) GetAttributeKeyAccessServer() *AttributeKeyAccessServer { @@ -1940,7 +2044,7 @@ type AssignKeyAccessServerToAttributeResponse struct { func (x *AssignKeyAccessServerToAttributeResponse) Reset() { *x = AssignKeyAccessServerToAttributeResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[31] + mi := &file_policy_attributes_attributes_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1953,7 +2057,7 @@ func (x *AssignKeyAccessServerToAttributeResponse) String() string { func (*AssignKeyAccessServerToAttributeResponse) ProtoMessage() {} func (x *AssignKeyAccessServerToAttributeResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[31] + mi := &file_policy_attributes_attributes_proto_msgTypes[33] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1966,7 +2070,7 @@ func (x *AssignKeyAccessServerToAttributeResponse) ProtoReflect() protoreflect.M // Deprecated: Use AssignKeyAccessServerToAttributeResponse.ProtoReflect.Descriptor instead. func (*AssignKeyAccessServerToAttributeResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{31} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{33} } func (x *AssignKeyAccessServerToAttributeResponse) GetAttributeKeyAccessServer() *AttributeKeyAccessServer { @@ -1991,7 +2095,7 @@ type RemoveKeyAccessServerFromAttributeRequest struct { func (x *RemoveKeyAccessServerFromAttributeRequest) Reset() { *x = RemoveKeyAccessServerFromAttributeRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[32] + mi := &file_policy_attributes_attributes_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2004,7 +2108,7 @@ func (x *RemoveKeyAccessServerFromAttributeRequest) String() string { func (*RemoveKeyAccessServerFromAttributeRequest) ProtoMessage() {} func (x *RemoveKeyAccessServerFromAttributeRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[32] + mi := &file_policy_attributes_attributes_proto_msgTypes[34] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2017,7 +2121,7 @@ func (x *RemoveKeyAccessServerFromAttributeRequest) ProtoReflect() protoreflect. // Deprecated: Use RemoveKeyAccessServerFromAttributeRequest.ProtoReflect.Descriptor instead. func (*RemoveKeyAccessServerFromAttributeRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{32} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{34} } func (x *RemoveKeyAccessServerFromAttributeRequest) GetAttributeKeyAccessServer() *AttributeKeyAccessServer { @@ -2039,7 +2143,7 @@ type RemoveKeyAccessServerFromAttributeResponse struct { func (x *RemoveKeyAccessServerFromAttributeResponse) Reset() { *x = RemoveKeyAccessServerFromAttributeResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[33] + mi := &file_policy_attributes_attributes_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2052,7 +2156,7 @@ func (x *RemoveKeyAccessServerFromAttributeResponse) String() string { func (*RemoveKeyAccessServerFromAttributeResponse) ProtoMessage() {} func (x *RemoveKeyAccessServerFromAttributeResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[33] + mi := &file_policy_attributes_attributes_proto_msgTypes[35] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2065,7 +2169,7 @@ func (x *RemoveKeyAccessServerFromAttributeResponse) ProtoReflect() protoreflect // Deprecated: Use RemoveKeyAccessServerFromAttributeResponse.ProtoReflect.Descriptor instead. func (*RemoveKeyAccessServerFromAttributeResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{33} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{35} } func (x *RemoveKeyAccessServerFromAttributeResponse) GetAttributeKeyAccessServer() *AttributeKeyAccessServer { @@ -2090,7 +2194,7 @@ type AssignKeyAccessServerToValueRequest struct { func (x *AssignKeyAccessServerToValueRequest) Reset() { *x = AssignKeyAccessServerToValueRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[34] + mi := &file_policy_attributes_attributes_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2103,7 +2207,7 @@ func (x *AssignKeyAccessServerToValueRequest) String() string { func (*AssignKeyAccessServerToValueRequest) ProtoMessage() {} func (x *AssignKeyAccessServerToValueRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[34] + mi := &file_policy_attributes_attributes_proto_msgTypes[36] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2116,7 +2220,7 @@ func (x *AssignKeyAccessServerToValueRequest) ProtoReflect() protoreflect.Messag // Deprecated: Use AssignKeyAccessServerToValueRequest.ProtoReflect.Descriptor instead. func (*AssignKeyAccessServerToValueRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{34} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{36} } func (x *AssignKeyAccessServerToValueRequest) GetValueKeyAccessServer() *ValueKeyAccessServer { @@ -2138,7 +2242,7 @@ type AssignKeyAccessServerToValueResponse struct { func (x *AssignKeyAccessServerToValueResponse) Reset() { *x = AssignKeyAccessServerToValueResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[35] + mi := &file_policy_attributes_attributes_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2151,7 +2255,7 @@ func (x *AssignKeyAccessServerToValueResponse) String() string { func (*AssignKeyAccessServerToValueResponse) ProtoMessage() {} func (x *AssignKeyAccessServerToValueResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[35] + mi := &file_policy_attributes_attributes_proto_msgTypes[37] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2164,7 +2268,7 @@ func (x *AssignKeyAccessServerToValueResponse) ProtoReflect() protoreflect.Messa // Deprecated: Use AssignKeyAccessServerToValueResponse.ProtoReflect.Descriptor instead. func (*AssignKeyAccessServerToValueResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{35} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{37} } func (x *AssignKeyAccessServerToValueResponse) GetValueKeyAccessServer() *ValueKeyAccessServer { @@ -2189,7 +2293,7 @@ type RemoveKeyAccessServerFromValueRequest struct { func (x *RemoveKeyAccessServerFromValueRequest) Reset() { *x = RemoveKeyAccessServerFromValueRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[36] + mi := &file_policy_attributes_attributes_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2202,7 +2306,7 @@ func (x *RemoveKeyAccessServerFromValueRequest) String() string { func (*RemoveKeyAccessServerFromValueRequest) ProtoMessage() {} func (x *RemoveKeyAccessServerFromValueRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[36] + mi := &file_policy_attributes_attributes_proto_msgTypes[38] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2215,7 +2319,7 @@ func (x *RemoveKeyAccessServerFromValueRequest) ProtoReflect() protoreflect.Mess // Deprecated: Use RemoveKeyAccessServerFromValueRequest.ProtoReflect.Descriptor instead. func (*RemoveKeyAccessServerFromValueRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{36} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{38} } func (x *RemoveKeyAccessServerFromValueRequest) GetValueKeyAccessServer() *ValueKeyAccessServer { @@ -2237,7 +2341,7 @@ type RemoveKeyAccessServerFromValueResponse struct { func (x *RemoveKeyAccessServerFromValueResponse) Reset() { *x = RemoveKeyAccessServerFromValueResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[37] + mi := &file_policy_attributes_attributes_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2250,7 +2354,7 @@ func (x *RemoveKeyAccessServerFromValueResponse) String() string { func (*RemoveKeyAccessServerFromValueResponse) ProtoMessage() {} func (x *RemoveKeyAccessServerFromValueResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[37] + mi := &file_policy_attributes_attributes_proto_msgTypes[39] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2263,7 +2367,7 @@ func (x *RemoveKeyAccessServerFromValueResponse) ProtoReflect() protoreflect.Mes // Deprecated: Use RemoveKeyAccessServerFromValueResponse.ProtoReflect.Descriptor instead. func (*RemoveKeyAccessServerFromValueResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{37} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{39} } func (x *RemoveKeyAccessServerFromValueResponse) GetValueKeyAccessServer() *ValueKeyAccessServer { @@ -2285,7 +2389,7 @@ type AssignPublicKeyToAttributeRequest struct { func (x *AssignPublicKeyToAttributeRequest) Reset() { *x = AssignPublicKeyToAttributeRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[38] + mi := &file_policy_attributes_attributes_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2298,7 +2402,7 @@ func (x *AssignPublicKeyToAttributeRequest) String() string { func (*AssignPublicKeyToAttributeRequest) ProtoMessage() {} func (x *AssignPublicKeyToAttributeRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[38] + mi := &file_policy_attributes_attributes_proto_msgTypes[40] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2311,7 +2415,7 @@ func (x *AssignPublicKeyToAttributeRequest) ProtoReflect() protoreflect.Message // Deprecated: Use AssignPublicKeyToAttributeRequest.ProtoReflect.Descriptor instead. func (*AssignPublicKeyToAttributeRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{38} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{40} } func (x *AssignPublicKeyToAttributeRequest) GetAttributeKey() *AttributeKey { @@ -2333,7 +2437,7 @@ type AssignPublicKeyToAttributeResponse struct { func (x *AssignPublicKeyToAttributeResponse) Reset() { *x = AssignPublicKeyToAttributeResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[39] + mi := &file_policy_attributes_attributes_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2346,7 +2450,7 @@ func (x *AssignPublicKeyToAttributeResponse) String() string { func (*AssignPublicKeyToAttributeResponse) ProtoMessage() {} func (x *AssignPublicKeyToAttributeResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[39] + mi := &file_policy_attributes_attributes_proto_msgTypes[41] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2359,7 +2463,7 @@ func (x *AssignPublicKeyToAttributeResponse) ProtoReflect() protoreflect.Message // Deprecated: Use AssignPublicKeyToAttributeResponse.ProtoReflect.Descriptor instead. func (*AssignPublicKeyToAttributeResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{39} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{41} } func (x *AssignPublicKeyToAttributeResponse) GetAttributeKey() *AttributeKey { @@ -2381,7 +2485,7 @@ type RemovePublicKeyFromAttributeRequest struct { func (x *RemovePublicKeyFromAttributeRequest) Reset() { *x = RemovePublicKeyFromAttributeRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[40] + mi := &file_policy_attributes_attributes_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2394,7 +2498,7 @@ func (x *RemovePublicKeyFromAttributeRequest) String() string { func (*RemovePublicKeyFromAttributeRequest) ProtoMessage() {} func (x *RemovePublicKeyFromAttributeRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[40] + mi := &file_policy_attributes_attributes_proto_msgTypes[42] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2407,7 +2511,7 @@ func (x *RemovePublicKeyFromAttributeRequest) ProtoReflect() protoreflect.Messag // Deprecated: Use RemovePublicKeyFromAttributeRequest.ProtoReflect.Descriptor instead. func (*RemovePublicKeyFromAttributeRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{40} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{42} } func (x *RemovePublicKeyFromAttributeRequest) GetAttributeKey() *AttributeKey { @@ -2429,7 +2533,7 @@ type RemovePublicKeyFromAttributeResponse struct { func (x *RemovePublicKeyFromAttributeResponse) Reset() { *x = RemovePublicKeyFromAttributeResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[41] + mi := &file_policy_attributes_attributes_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2442,7 +2546,7 @@ func (x *RemovePublicKeyFromAttributeResponse) String() string { func (*RemovePublicKeyFromAttributeResponse) ProtoMessage() {} func (x *RemovePublicKeyFromAttributeResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[41] + mi := &file_policy_attributes_attributes_proto_msgTypes[43] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2455,7 +2559,7 @@ func (x *RemovePublicKeyFromAttributeResponse) ProtoReflect() protoreflect.Messa // Deprecated: Use RemovePublicKeyFromAttributeResponse.ProtoReflect.Descriptor instead. func (*RemovePublicKeyFromAttributeResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{41} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{43} } func (x *RemovePublicKeyFromAttributeResponse) GetAttributeKey() *AttributeKey { @@ -2477,7 +2581,7 @@ type AssignPublicKeyToValueRequest struct { func (x *AssignPublicKeyToValueRequest) Reset() { *x = AssignPublicKeyToValueRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[42] + mi := &file_policy_attributes_attributes_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2490,7 +2594,7 @@ func (x *AssignPublicKeyToValueRequest) String() string { func (*AssignPublicKeyToValueRequest) ProtoMessage() {} func (x *AssignPublicKeyToValueRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[42] + mi := &file_policy_attributes_attributes_proto_msgTypes[44] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2503,7 +2607,7 @@ func (x *AssignPublicKeyToValueRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use AssignPublicKeyToValueRequest.ProtoReflect.Descriptor instead. func (*AssignPublicKeyToValueRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{42} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{44} } func (x *AssignPublicKeyToValueRequest) GetValueKey() *ValueKey { @@ -2525,7 +2629,7 @@ type AssignPublicKeyToValueResponse struct { func (x *AssignPublicKeyToValueResponse) Reset() { *x = AssignPublicKeyToValueResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[43] + mi := &file_policy_attributes_attributes_proto_msgTypes[45] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2538,7 +2642,7 @@ func (x *AssignPublicKeyToValueResponse) String() string { func (*AssignPublicKeyToValueResponse) ProtoMessage() {} func (x *AssignPublicKeyToValueResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[43] + mi := &file_policy_attributes_attributes_proto_msgTypes[45] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2551,7 +2655,7 @@ func (x *AssignPublicKeyToValueResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use AssignPublicKeyToValueResponse.ProtoReflect.Descriptor instead. func (*AssignPublicKeyToValueResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{43} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{45} } func (x *AssignPublicKeyToValueResponse) GetValueKey() *ValueKey { @@ -2573,7 +2677,7 @@ type RemovePublicKeyFromValueRequest struct { func (x *RemovePublicKeyFromValueRequest) Reset() { *x = RemovePublicKeyFromValueRequest{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[44] + mi := &file_policy_attributes_attributes_proto_msgTypes[46] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2586,7 +2690,7 @@ func (x *RemovePublicKeyFromValueRequest) String() string { func (*RemovePublicKeyFromValueRequest) ProtoMessage() {} func (x *RemovePublicKeyFromValueRequest) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[44] + mi := &file_policy_attributes_attributes_proto_msgTypes[46] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2599,7 +2703,7 @@ func (x *RemovePublicKeyFromValueRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RemovePublicKeyFromValueRequest.ProtoReflect.Descriptor instead. func (*RemovePublicKeyFromValueRequest) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{44} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{46} } func (x *RemovePublicKeyFromValueRequest) GetValueKey() *ValueKey { @@ -2621,7 +2725,7 @@ type RemovePublicKeyFromValueResponse struct { func (x *RemovePublicKeyFromValueResponse) Reset() { *x = RemovePublicKeyFromValueResponse{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[45] + mi := &file_policy_attributes_attributes_proto_msgTypes[47] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2634,7 +2738,7 @@ func (x *RemovePublicKeyFromValueResponse) String() string { func (*RemovePublicKeyFromValueResponse) ProtoMessage() {} func (x *RemovePublicKeyFromValueResponse) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[45] + mi := &file_policy_attributes_attributes_proto_msgTypes[47] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2647,7 +2751,7 @@ func (x *RemovePublicKeyFromValueResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RemovePublicKeyFromValueResponse.ProtoReflect.Descriptor instead. func (*RemovePublicKeyFromValueResponse) Descriptor() ([]byte, []int) { - return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{45} + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{47} } func (x *RemovePublicKeyFromValueResponse) GetValueKey() *ValueKey { @@ -2669,7 +2773,7 @@ type GetAttributeValuesByFqnsResponse_AttributeAndValue struct { func (x *GetAttributeValuesByFqnsResponse_AttributeAndValue) Reset() { *x = GetAttributeValuesByFqnsResponse_AttributeAndValue{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[46] + mi := &file_policy_attributes_attributes_proto_msgTypes[48] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2682,7 +2786,7 @@ func (x *GetAttributeValuesByFqnsResponse_AttributeAndValue) String() string { func (*GetAttributeValuesByFqnsResponse_AttributeAndValue) ProtoMessage() {} func (x *GetAttributeValuesByFqnsResponse_AttributeAndValue) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[46] + mi := &file_policy_attributes_attributes_proto_msgTypes[48] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2729,7 +2833,7 @@ type GetKeyMappingsByFqnsResponse_AttributeKeyMapping struct { func (x *GetKeyMappingsByFqnsResponse_AttributeKeyMapping) Reset() { *x = GetKeyMappingsByFqnsResponse_AttributeKeyMapping{} if protoimpl.UnsafeEnabled { - mi := &file_policy_attributes_attributes_proto_msgTypes[48] + mi := &file_policy_attributes_attributes_proto_msgTypes[50] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2742,7 +2846,7 @@ func (x *GetKeyMappingsByFqnsResponse_AttributeKeyMapping) String() string { func (*GetKeyMappingsByFqnsResponse_AttributeKeyMapping) ProtoMessage() {} func (x *GetKeyMappingsByFqnsResponse_AttributeKeyMapping) ProtoReflect() protoreflect.Message { - mi := &file_policy_attributes_attributes_proto_msgTypes[48] + mi := &file_policy_attributes_attributes_proto_msgTypes[50] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2779,6 +2883,99 @@ func (x *GetKeyMappingsByFqnsResponse_AttributeKeyMapping) GetKeys() []*policy.S return nil } +type GetEntitleableAttributesByFqnsResponse_EntitleableAttribute struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // the attribute value FQN this entry is for + Fqn string `protobuf:"bytes,1,opt,name=fqn,proto3" json:"fqn,omitempty"` + // the parent attribute definition FQN + AttributeFqn string `protobuf:"bytes,2,opt,name=attribute_fqn,json=attributeFqn,proto3" json:"attribute_fqn,omitempty"` + // the attribute rule, which drives rule logic during decisioning + Rule policy.AttributeRuleTypeEnum `protobuf:"varint,3,opt,name=rule,proto3,enum=policy.AttributeRuleTypeEnum" json:"rule,omitempty"` + // identity of the attribute value + ValueId string `protobuf:"bytes,4,opt,name=value_id,json=valueId,proto3" json:"value_id,omitempty"` + // the definition's value FQNs in order, used for hierarchy rule expansion + DefinitionValueFqns []string `protobuf:"bytes,5,rep,name=definition_value_fqns,json=definitionValueFqns,proto3" json:"definition_value_fqns,omitempty"` + // subject mappings used to resolve entitlements for this value + SubjectMappings []*policy.SubjectMapping `protobuf:"bytes,6,rep,name=subject_mappings,json=subjectMappings,proto3" json:"subject_mappings,omitempty"` +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) Reset() { + *x = GetEntitleableAttributesByFqnsResponse_EntitleableAttribute{} + if protoimpl.UnsafeEnabled { + mi := &file_policy_attributes_attributes_proto_msgTypes[52] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) ProtoMessage() {} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) ProtoReflect() protoreflect.Message { + mi := &file_policy_attributes_attributes_proto_msgTypes[52] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetEntitleableAttributesByFqnsResponse_EntitleableAttribute.ProtoReflect.Descriptor instead. +func (*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) Descriptor() ([]byte, []int) { + return file_policy_attributes_attributes_proto_rawDescGZIP(), []int{31, 0} +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetFqn() string { + if x != nil { + return x.Fqn + } + return "" +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetAttributeFqn() string { + if x != nil { + return x.AttributeFqn + } + return "" +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetRule() policy.AttributeRuleTypeEnum { + if x != nil { + return x.Rule + } + return policy.AttributeRuleTypeEnum(0) +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetValueId() string { + if x != nil { + return x.ValueId + } + return "" +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetDefinitionValueFqns() []string { + if x != nil { + return x.DefinitionValueFqns + } + return nil +} + +func (x *GetEntitleableAttributesByFqnsResponse_EntitleableAttribute) GetSubjectMappings() []*policy.SubjectMapping { + if x != nil { + return x.SubjectMappings + } + return nil +} + var File_policy_attributes_attributes_proto protoreflect.FileDescriptor var file_policy_attributes_attributes_proto_rawDesc = []byte{ @@ -3153,6 +3350,50 @@ var file_policy_attributes_attributes_proto_rawDesc = []byte{ 0x6e, 0x67, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0x48, 0x0a, 0x25, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, + 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, + 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x04, 0x66, 0x71, 0x6e, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x0b, 0xba, 0x48, 0x08, 0x92, 0x01, 0x05, 0x08, + 0x01, 0x10, 0xfa, 0x01, 0x52, 0x04, 0x66, 0x71, 0x6e, 0x73, 0x22, 0xf3, 0x04, 0x0a, 0x26, 0x47, + 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x95, 0x01, 0x0a, 0x1a, 0x66, 0x71, 0x6e, 0x5f, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x57, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, + 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x46, 0x71, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, + 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x18, 0x66, 0x71, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, + 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x1a, 0x92, 0x02, + 0x0a, 0x14, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x66, 0x71, 0x6e, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x66, 0x71, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x5f, 0x66, 0x71, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0c, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x46, 0x71, 0x6e, 0x12, 0x31, 0x0a, + 0x04, 0x72, 0x75, 0x6c, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1d, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x75, + 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x52, 0x04, 0x72, 0x75, 0x6c, 0x65, + 0x12, 0x19, 0x0a, 0x08, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x49, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x64, + 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x5f, + 0x66, 0x71, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x64, 0x65, 0x66, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x46, 0x71, 0x6e, 0x73, 0x12, + 0x41, 0x0a, 0x10, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x73, 0x1a, 0x9b, 0x01, 0x0a, 0x1d, 0x46, 0x71, 0x6e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, + 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x64, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, + 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x99, 0x01, 0x0a, 0x27, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x6a, 0x0a, 0x1b, @@ -3290,7 +3531,7 @@ var file_policy_attributes_attributes_proto_rawDesc = []byte{ 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x41, 0x54, 0x10, 0x02, 0x12, 0x23, 0x0a, 0x1f, 0x53, 0x4f, 0x52, 0x54, 0x5f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x53, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, - 0x44, 0x5f, 0x41, 0x54, 0x10, 0x03, 0x32, 0xda, 0x14, 0x0a, 0x11, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x44, 0x5f, 0x41, 0x54, 0x10, 0x03, 0x32, 0xf7, 0x15, 0x0a, 0x11, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x6a, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x28, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, @@ -3329,147 +3570,157 @@ var file_policy_attributes_attributes_proto_rawDesc = []byte{ 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x6a, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x29, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, - 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x12, 0x6a, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x12, 0x29, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x73, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x76, 0x0a, - 0x13, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x12, 0x2d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x73, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, - 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x79, 0x0a, 0x14, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x12, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x79, 0x0a, 0x14, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2e, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, - 0x12, 0x85, 0x01, 0x0a, 0x18, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x32, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x9a, 0x01, 0x0a, 0x1e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, + 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x12, 0x38, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, + 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x6c, + 0x65, 0x61, 0x62, 0x6c, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, + 0x79, 0x46, 0x71, 0x6e, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x90, + 0x02, 0x01, 0x12, 0x6a, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x29, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x6a, + 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x12, 0x29, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, + 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x76, 0x0a, 0x13, 0x44, 0x65, + 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x12, 0x2d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0xa0, 0x01, 0x0a, 0x20, 0x41, 0x73, 0x73, - 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x3a, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, - 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0xa6, 0x01, 0x0a, 0x22, - 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x12, 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, - 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, - 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, - 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, - 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x03, 0x88, 0x02, 0x01, 0x12, 0x94, 0x01, 0x0a, 0x1c, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, - 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x36, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, - 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, - 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, - 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x9a, 0x01, 0x0a, 0x1e, - 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, + 0x1a, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x73, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x03, 0x90, 0x02, 0x01, 0x12, 0x79, 0x0a, 0x14, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, + 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x73, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x79, 0x0a, 0x14, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x55, + 0x70, 0x64, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x85, 0x01, + 0x0a, 0x18, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x32, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x44, + 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, + 0x65, 0x73, 0x2e, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0xa0, 0x01, 0x0a, 0x20, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, + 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, + 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x3a, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, + 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, + 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0xa6, 0x01, 0x0a, 0x22, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x8b, 0x01, 0x0a, 0x1a, 0x41, 0x73, 0x73, - 0x69, 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x41, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, - 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x41, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, + 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, + 0x3c, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x91, 0x01, 0x0a, 0x1c, 0x52, 0x65, 0x6d, 0x6f, 0x76, - 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, - 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x36, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, - 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x37, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, - 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x7f, 0x0a, 0x16, 0x41, 0x73, - 0x73, 0x69, 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, + 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, + 0x01, 0x12, 0x94, 0x01, 0x0a, 0x1c, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x12, 0x36, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, + 0x73, 0x73, 0x69, 0x67, 0x6e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x9a, 0x01, 0x0a, 0x1e, 0x52, 0x65, 0x6d, + 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x38, 0x2e, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, + 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, + 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x46, + 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x8b, 0x01, 0x0a, 0x1a, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, + 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x12, 0x34, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x50, - 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, - 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x85, 0x01, 0x0a, 0x18, - 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, - 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x32, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, - 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, + 0x73, 0x73, 0x69, 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, + 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x00, 0x12, 0x91, 0x01, 0x0a, 0x1c, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x50, 0x75, + 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x12, 0x36, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x50, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x42, 0xc8, 0x01, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x0f, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, - 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0xa2, 0x02, 0x03, 0x50, 0x41, - 0x58, 0xaa, 0x02, 0x11, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, - 0x62, 0x75, 0x74, 0x65, 0x73, 0xca, 0x02, 0x11, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0xe2, 0x02, 0x1d, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x5c, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x5c, 0x47, 0x50, - 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x3a, 0x3a, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x46, 0x72, 0x6f, 0x6d, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x7f, 0x0a, 0x16, 0x41, 0x73, 0x73, 0x69, 0x67, + 0x6e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x12, 0x30, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x50, 0x75, 0x62, 0x6c, + 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x50, 0x75, + 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x54, 0x6f, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x85, 0x01, 0x0a, 0x18, 0x52, 0x65, 0x6d, + 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x32, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x61, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, + 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, 0x6d, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x2e, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x52, 0x65, + 0x6d, 0x6f, 0x76, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x46, 0x72, 0x6f, + 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x42, 0xc8, 0x01, 0x0a, 0x15, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, + 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x0f, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, + 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x61, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0xa2, 0x02, 0x03, 0x50, 0x41, 0x58, 0xaa, 0x02, + 0x11, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0xca, 0x02, 0x11, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0xe2, 0x02, 0x1d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, + 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, + 0x3a, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -3485,7 +3736,7 @@ func file_policy_attributes_attributes_proto_rawDescGZIP() []byte { } var file_policy_attributes_attributes_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_policy_attributes_attributes_proto_msgTypes = make([]protoimpl.MessageInfo, 50) +var file_policy_attributes_attributes_proto_msgTypes = make([]protoimpl.MessageInfo, 54) var file_policy_attributes_attributes_proto_goTypes = []interface{}{ (SortAttributesType)(0), // 0: policy.attributes.SortAttributesType (*AttributeKeyAccessServer)(nil), // 1: policy.attributes.AttributeKeyAccessServer @@ -3518,145 +3769,156 @@ var file_policy_attributes_attributes_proto_goTypes = []interface{}{ (*GetAttributeValuesByFqnsResponse)(nil), // 28: policy.attributes.GetAttributeValuesByFqnsResponse (*GetKeyMappingsByFqnsRequest)(nil), // 29: policy.attributes.GetKeyMappingsByFqnsRequest (*GetKeyMappingsByFqnsResponse)(nil), // 30: policy.attributes.GetKeyMappingsByFqnsResponse - (*AssignKeyAccessServerToAttributeRequest)(nil), // 31: policy.attributes.AssignKeyAccessServerToAttributeRequest - (*AssignKeyAccessServerToAttributeResponse)(nil), // 32: policy.attributes.AssignKeyAccessServerToAttributeResponse - (*RemoveKeyAccessServerFromAttributeRequest)(nil), // 33: policy.attributes.RemoveKeyAccessServerFromAttributeRequest - (*RemoveKeyAccessServerFromAttributeResponse)(nil), // 34: policy.attributes.RemoveKeyAccessServerFromAttributeResponse - (*AssignKeyAccessServerToValueRequest)(nil), // 35: policy.attributes.AssignKeyAccessServerToValueRequest - (*AssignKeyAccessServerToValueResponse)(nil), // 36: policy.attributes.AssignKeyAccessServerToValueResponse - (*RemoveKeyAccessServerFromValueRequest)(nil), // 37: policy.attributes.RemoveKeyAccessServerFromValueRequest - (*RemoveKeyAccessServerFromValueResponse)(nil), // 38: policy.attributes.RemoveKeyAccessServerFromValueResponse - (*AssignPublicKeyToAttributeRequest)(nil), // 39: policy.attributes.AssignPublicKeyToAttributeRequest - (*AssignPublicKeyToAttributeResponse)(nil), // 40: policy.attributes.AssignPublicKeyToAttributeResponse - (*RemovePublicKeyFromAttributeRequest)(nil), // 41: policy.attributes.RemovePublicKeyFromAttributeRequest - (*RemovePublicKeyFromAttributeResponse)(nil), // 42: policy.attributes.RemovePublicKeyFromAttributeResponse - (*AssignPublicKeyToValueRequest)(nil), // 43: policy.attributes.AssignPublicKeyToValueRequest - (*AssignPublicKeyToValueResponse)(nil), // 44: policy.attributes.AssignPublicKeyToValueResponse - (*RemovePublicKeyFromValueRequest)(nil), // 45: policy.attributes.RemovePublicKeyFromValueRequest - (*RemovePublicKeyFromValueResponse)(nil), // 46: policy.attributes.RemovePublicKeyFromValueResponse - (*GetAttributeValuesByFqnsResponse_AttributeAndValue)(nil), // 47: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue - nil, // 48: policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry - (*GetKeyMappingsByFqnsResponse_AttributeKeyMapping)(nil), // 49: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping - nil, // 50: policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry - (policy.SortDirection)(0), // 51: policy.SortDirection - (common.ActiveStateEnum)(0), // 52: common.ActiveStateEnum - (*policy.PageRequest)(nil), // 53: policy.PageRequest - (*policy.Search)(nil), // 54: policy.Search - (*policy.Attribute)(nil), // 55: policy.Attribute - (*policy.PageResponse)(nil), // 56: policy.PageResponse - (policy.AttributeRuleTypeEnum)(0), // 57: policy.AttributeRuleTypeEnum - (*wrapperspb.BoolValue)(nil), // 58: google.protobuf.BoolValue - (*common.MetadataMutable)(nil), // 59: common.MetadataMutable - (common.MetadataUpdateEnum)(0), // 60: common.MetadataUpdateEnum - (*policy.Value)(nil), // 61: policy.Value - (*common.IdFqnIdentifier)(nil), // 62: common.IdFqnIdentifier - (*common.IdNameIdentifier)(nil), // 63: common.IdNameIdentifier - (*policy.RequestContext)(nil), // 64: policy.RequestContext - (*policy.SimpleKasKey)(nil), // 65: policy.SimpleKasKey + (*GetEntitleableAttributesByFqnsRequest)(nil), // 31: policy.attributes.GetEntitleableAttributesByFqnsRequest + (*GetEntitleableAttributesByFqnsResponse)(nil), // 32: policy.attributes.GetEntitleableAttributesByFqnsResponse + (*AssignKeyAccessServerToAttributeRequest)(nil), // 33: policy.attributes.AssignKeyAccessServerToAttributeRequest + (*AssignKeyAccessServerToAttributeResponse)(nil), // 34: policy.attributes.AssignKeyAccessServerToAttributeResponse + (*RemoveKeyAccessServerFromAttributeRequest)(nil), // 35: policy.attributes.RemoveKeyAccessServerFromAttributeRequest + (*RemoveKeyAccessServerFromAttributeResponse)(nil), // 36: policy.attributes.RemoveKeyAccessServerFromAttributeResponse + (*AssignKeyAccessServerToValueRequest)(nil), // 37: policy.attributes.AssignKeyAccessServerToValueRequest + (*AssignKeyAccessServerToValueResponse)(nil), // 38: policy.attributes.AssignKeyAccessServerToValueResponse + (*RemoveKeyAccessServerFromValueRequest)(nil), // 39: policy.attributes.RemoveKeyAccessServerFromValueRequest + (*RemoveKeyAccessServerFromValueResponse)(nil), // 40: policy.attributes.RemoveKeyAccessServerFromValueResponse + (*AssignPublicKeyToAttributeRequest)(nil), // 41: policy.attributes.AssignPublicKeyToAttributeRequest + (*AssignPublicKeyToAttributeResponse)(nil), // 42: policy.attributes.AssignPublicKeyToAttributeResponse + (*RemovePublicKeyFromAttributeRequest)(nil), // 43: policy.attributes.RemovePublicKeyFromAttributeRequest + (*RemovePublicKeyFromAttributeResponse)(nil), // 44: policy.attributes.RemovePublicKeyFromAttributeResponse + (*AssignPublicKeyToValueRequest)(nil), // 45: policy.attributes.AssignPublicKeyToValueRequest + (*AssignPublicKeyToValueResponse)(nil), // 46: policy.attributes.AssignPublicKeyToValueResponse + (*RemovePublicKeyFromValueRequest)(nil), // 47: policy.attributes.RemovePublicKeyFromValueRequest + (*RemovePublicKeyFromValueResponse)(nil), // 48: policy.attributes.RemovePublicKeyFromValueResponse + (*GetAttributeValuesByFqnsResponse_AttributeAndValue)(nil), // 49: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue + nil, // 50: policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry + (*GetKeyMappingsByFqnsResponse_AttributeKeyMapping)(nil), // 51: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping + nil, // 52: policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry + (*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute)(nil), // 53: policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute + nil, // 54: policy.attributes.GetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry + (policy.SortDirection)(0), // 55: policy.SortDirection + (common.ActiveStateEnum)(0), // 56: common.ActiveStateEnum + (*policy.PageRequest)(nil), // 57: policy.PageRequest + (*policy.Search)(nil), // 58: policy.Search + (*policy.Attribute)(nil), // 59: policy.Attribute + (*policy.PageResponse)(nil), // 60: policy.PageResponse + (policy.AttributeRuleTypeEnum)(0), // 61: policy.AttributeRuleTypeEnum + (*wrapperspb.BoolValue)(nil), // 62: google.protobuf.BoolValue + (*common.MetadataMutable)(nil), // 63: common.MetadataMutable + (common.MetadataUpdateEnum)(0), // 64: common.MetadataUpdateEnum + (*policy.Value)(nil), // 65: policy.Value + (*common.IdFqnIdentifier)(nil), // 66: common.IdFqnIdentifier + (*common.IdNameIdentifier)(nil), // 67: common.IdNameIdentifier + (*policy.RequestContext)(nil), // 68: policy.RequestContext + (*policy.SimpleKasKey)(nil), // 69: policy.SimpleKasKey + (*policy.SubjectMapping)(nil), // 70: policy.SubjectMapping } var file_policy_attributes_attributes_proto_depIdxs = []int32{ 0, // 0: policy.attributes.AttributesSort.field:type_name -> policy.attributes.SortAttributesType - 51, // 1: policy.attributes.AttributesSort.direction:type_name -> policy.SortDirection - 52, // 2: policy.attributes.ListAttributesRequest.state:type_name -> common.ActiveStateEnum - 53, // 3: policy.attributes.ListAttributesRequest.pagination:type_name -> policy.PageRequest + 55, // 1: policy.attributes.AttributesSort.direction:type_name -> policy.SortDirection + 56, // 2: policy.attributes.ListAttributesRequest.state:type_name -> common.ActiveStateEnum + 57, // 3: policy.attributes.ListAttributesRequest.pagination:type_name -> policy.PageRequest 5, // 4: policy.attributes.ListAttributesRequest.sort:type_name -> policy.attributes.AttributesSort - 54, // 5: policy.attributes.ListAttributesRequest.search:type_name -> policy.Search - 55, // 6: policy.attributes.ListAttributesResponse.attributes:type_name -> policy.Attribute - 56, // 7: policy.attributes.ListAttributesResponse.pagination:type_name -> policy.PageResponse - 55, // 8: policy.attributes.GetAttributeResponse.attribute:type_name -> policy.Attribute - 57, // 9: policy.attributes.CreateAttributeRequest.rule:type_name -> policy.AttributeRuleTypeEnum - 58, // 10: policy.attributes.CreateAttributeRequest.allow_traversal:type_name -> google.protobuf.BoolValue - 59, // 11: policy.attributes.CreateAttributeRequest.metadata:type_name -> common.MetadataMutable - 55, // 12: policy.attributes.CreateAttributeResponse.attribute:type_name -> policy.Attribute - 59, // 13: policy.attributes.UpdateAttributeRequest.metadata:type_name -> common.MetadataMutable - 60, // 14: policy.attributes.UpdateAttributeRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum - 55, // 15: policy.attributes.UpdateAttributeResponse.attribute:type_name -> policy.Attribute - 55, // 16: policy.attributes.DeactivateAttributeResponse.attribute:type_name -> policy.Attribute - 61, // 17: policy.attributes.GetAttributeValueResponse.value:type_name -> policy.Value - 52, // 18: policy.attributes.ListAttributeValuesRequest.state:type_name -> common.ActiveStateEnum - 53, // 19: policy.attributes.ListAttributeValuesRequest.pagination:type_name -> policy.PageRequest - 61, // 20: policy.attributes.ListAttributeValuesResponse.values:type_name -> policy.Value - 56, // 21: policy.attributes.ListAttributeValuesResponse.pagination:type_name -> policy.PageResponse - 62, // 22: policy.attributes.AttributeValueObligationTriggerRequest.obligation_value:type_name -> common.IdFqnIdentifier - 63, // 23: policy.attributes.AttributeValueObligationTriggerRequest.action:type_name -> common.IdNameIdentifier - 64, // 24: policy.attributes.AttributeValueObligationTriggerRequest.context:type_name -> policy.RequestContext - 59, // 25: policy.attributes.AttributeValueObligationTriggerRequest.metadata:type_name -> common.MetadataMutable + 58, // 5: policy.attributes.ListAttributesRequest.search:type_name -> policy.Search + 59, // 6: policy.attributes.ListAttributesResponse.attributes:type_name -> policy.Attribute + 60, // 7: policy.attributes.ListAttributesResponse.pagination:type_name -> policy.PageResponse + 59, // 8: policy.attributes.GetAttributeResponse.attribute:type_name -> policy.Attribute + 61, // 9: policy.attributes.CreateAttributeRequest.rule:type_name -> policy.AttributeRuleTypeEnum + 62, // 10: policy.attributes.CreateAttributeRequest.allow_traversal:type_name -> google.protobuf.BoolValue + 63, // 11: policy.attributes.CreateAttributeRequest.metadata:type_name -> common.MetadataMutable + 59, // 12: policy.attributes.CreateAttributeResponse.attribute:type_name -> policy.Attribute + 63, // 13: policy.attributes.UpdateAttributeRequest.metadata:type_name -> common.MetadataMutable + 64, // 14: policy.attributes.UpdateAttributeRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum + 59, // 15: policy.attributes.UpdateAttributeResponse.attribute:type_name -> policy.Attribute + 59, // 16: policy.attributes.DeactivateAttributeResponse.attribute:type_name -> policy.Attribute + 65, // 17: policy.attributes.GetAttributeValueResponse.value:type_name -> policy.Value + 56, // 18: policy.attributes.ListAttributeValuesRequest.state:type_name -> common.ActiveStateEnum + 57, // 19: policy.attributes.ListAttributeValuesRequest.pagination:type_name -> policy.PageRequest + 65, // 20: policy.attributes.ListAttributeValuesResponse.values:type_name -> policy.Value + 60, // 21: policy.attributes.ListAttributeValuesResponse.pagination:type_name -> policy.PageResponse + 66, // 22: policy.attributes.AttributeValueObligationTriggerRequest.obligation_value:type_name -> common.IdFqnIdentifier + 67, // 23: policy.attributes.AttributeValueObligationTriggerRequest.action:type_name -> common.IdNameIdentifier + 68, // 24: policy.attributes.AttributeValueObligationTriggerRequest.context:type_name -> policy.RequestContext + 63, // 25: policy.attributes.AttributeValueObligationTriggerRequest.metadata:type_name -> common.MetadataMutable 20, // 26: policy.attributes.CreateAttributeValueRequest.obligation_triggers:type_name -> policy.attributes.AttributeValueObligationTriggerRequest - 59, // 27: policy.attributes.CreateAttributeValueRequest.metadata:type_name -> common.MetadataMutable - 61, // 28: policy.attributes.CreateAttributeValueResponse.value:type_name -> policy.Value - 59, // 29: policy.attributes.UpdateAttributeValueRequest.metadata:type_name -> common.MetadataMutable - 60, // 30: policy.attributes.UpdateAttributeValueRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum - 61, // 31: policy.attributes.UpdateAttributeValueResponse.value:type_name -> policy.Value - 61, // 32: policy.attributes.DeactivateAttributeValueResponse.value:type_name -> policy.Value - 48, // 33: policy.attributes.GetAttributeValuesByFqnsResponse.fqn_attribute_values:type_name -> policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry - 50, // 34: policy.attributes.GetKeyMappingsByFqnsResponse.fqn_key_mappings:type_name -> policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry - 1, // 35: policy.attributes.AssignKeyAccessServerToAttributeRequest.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer - 1, // 36: policy.attributes.AssignKeyAccessServerToAttributeResponse.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer - 1, // 37: policy.attributes.RemoveKeyAccessServerFromAttributeRequest.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer - 1, // 38: policy.attributes.RemoveKeyAccessServerFromAttributeResponse.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer - 2, // 39: policy.attributes.AssignKeyAccessServerToValueRequest.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer - 2, // 40: policy.attributes.AssignKeyAccessServerToValueResponse.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer - 2, // 41: policy.attributes.RemoveKeyAccessServerFromValueRequest.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer - 2, // 42: policy.attributes.RemoveKeyAccessServerFromValueResponse.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer - 3, // 43: policy.attributes.AssignPublicKeyToAttributeRequest.attribute_key:type_name -> policy.attributes.AttributeKey - 3, // 44: policy.attributes.AssignPublicKeyToAttributeResponse.attribute_key:type_name -> policy.attributes.AttributeKey - 3, // 45: policy.attributes.RemovePublicKeyFromAttributeRequest.attribute_key:type_name -> policy.attributes.AttributeKey - 3, // 46: policy.attributes.RemovePublicKeyFromAttributeResponse.attribute_key:type_name -> policy.attributes.AttributeKey - 4, // 47: policy.attributes.AssignPublicKeyToValueRequest.value_key:type_name -> policy.attributes.ValueKey - 4, // 48: policy.attributes.AssignPublicKeyToValueResponse.value_key:type_name -> policy.attributes.ValueKey - 4, // 49: policy.attributes.RemovePublicKeyFromValueRequest.value_key:type_name -> policy.attributes.ValueKey - 4, // 50: policy.attributes.RemovePublicKeyFromValueResponse.value_key:type_name -> policy.attributes.ValueKey - 55, // 51: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue.attribute:type_name -> policy.Attribute - 61, // 52: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue.value:type_name -> policy.Value - 47, // 53: policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry.value:type_name -> policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue - 57, // 54: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping.rule:type_name -> policy.AttributeRuleTypeEnum - 65, // 55: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping.keys:type_name -> policy.SimpleKasKey - 49, // 56: policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry.value:type_name -> policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping - 6, // 57: policy.attributes.AttributesService.ListAttributes:input_type -> policy.attributes.ListAttributesRequest - 18, // 58: policy.attributes.AttributesService.ListAttributeValues:input_type -> policy.attributes.ListAttributeValuesRequest - 8, // 59: policy.attributes.AttributesService.GetAttribute:input_type -> policy.attributes.GetAttributeRequest - 27, // 60: policy.attributes.AttributesService.GetAttributeValuesByFqns:input_type -> policy.attributes.GetAttributeValuesByFqnsRequest - 29, // 61: policy.attributes.AttributesService.GetKeyMappingsByFqns:input_type -> policy.attributes.GetKeyMappingsByFqnsRequest - 10, // 62: policy.attributes.AttributesService.CreateAttribute:input_type -> policy.attributes.CreateAttributeRequest - 12, // 63: policy.attributes.AttributesService.UpdateAttribute:input_type -> policy.attributes.UpdateAttributeRequest - 14, // 64: policy.attributes.AttributesService.DeactivateAttribute:input_type -> policy.attributes.DeactivateAttributeRequest - 16, // 65: policy.attributes.AttributesService.GetAttributeValue:input_type -> policy.attributes.GetAttributeValueRequest - 21, // 66: policy.attributes.AttributesService.CreateAttributeValue:input_type -> policy.attributes.CreateAttributeValueRequest - 23, // 67: policy.attributes.AttributesService.UpdateAttributeValue:input_type -> policy.attributes.UpdateAttributeValueRequest - 25, // 68: policy.attributes.AttributesService.DeactivateAttributeValue:input_type -> policy.attributes.DeactivateAttributeValueRequest - 31, // 69: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute:input_type -> policy.attributes.AssignKeyAccessServerToAttributeRequest - 33, // 70: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute:input_type -> policy.attributes.RemoveKeyAccessServerFromAttributeRequest - 35, // 71: policy.attributes.AttributesService.AssignKeyAccessServerToValue:input_type -> policy.attributes.AssignKeyAccessServerToValueRequest - 37, // 72: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue:input_type -> policy.attributes.RemoveKeyAccessServerFromValueRequest - 39, // 73: policy.attributes.AttributesService.AssignPublicKeyToAttribute:input_type -> policy.attributes.AssignPublicKeyToAttributeRequest - 41, // 74: policy.attributes.AttributesService.RemovePublicKeyFromAttribute:input_type -> policy.attributes.RemovePublicKeyFromAttributeRequest - 43, // 75: policy.attributes.AttributesService.AssignPublicKeyToValue:input_type -> policy.attributes.AssignPublicKeyToValueRequest - 45, // 76: policy.attributes.AttributesService.RemovePublicKeyFromValue:input_type -> policy.attributes.RemovePublicKeyFromValueRequest - 7, // 77: policy.attributes.AttributesService.ListAttributes:output_type -> policy.attributes.ListAttributesResponse - 19, // 78: policy.attributes.AttributesService.ListAttributeValues:output_type -> policy.attributes.ListAttributeValuesResponse - 9, // 79: policy.attributes.AttributesService.GetAttribute:output_type -> policy.attributes.GetAttributeResponse - 28, // 80: policy.attributes.AttributesService.GetAttributeValuesByFqns:output_type -> policy.attributes.GetAttributeValuesByFqnsResponse - 30, // 81: policy.attributes.AttributesService.GetKeyMappingsByFqns:output_type -> policy.attributes.GetKeyMappingsByFqnsResponse - 11, // 82: policy.attributes.AttributesService.CreateAttribute:output_type -> policy.attributes.CreateAttributeResponse - 13, // 83: policy.attributes.AttributesService.UpdateAttribute:output_type -> policy.attributes.UpdateAttributeResponse - 15, // 84: policy.attributes.AttributesService.DeactivateAttribute:output_type -> policy.attributes.DeactivateAttributeResponse - 17, // 85: policy.attributes.AttributesService.GetAttributeValue:output_type -> policy.attributes.GetAttributeValueResponse - 22, // 86: policy.attributes.AttributesService.CreateAttributeValue:output_type -> policy.attributes.CreateAttributeValueResponse - 24, // 87: policy.attributes.AttributesService.UpdateAttributeValue:output_type -> policy.attributes.UpdateAttributeValueResponse - 26, // 88: policy.attributes.AttributesService.DeactivateAttributeValue:output_type -> policy.attributes.DeactivateAttributeValueResponse - 32, // 89: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute:output_type -> policy.attributes.AssignKeyAccessServerToAttributeResponse - 34, // 90: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute:output_type -> policy.attributes.RemoveKeyAccessServerFromAttributeResponse - 36, // 91: policy.attributes.AttributesService.AssignKeyAccessServerToValue:output_type -> policy.attributes.AssignKeyAccessServerToValueResponse - 38, // 92: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue:output_type -> policy.attributes.RemoveKeyAccessServerFromValueResponse - 40, // 93: policy.attributes.AttributesService.AssignPublicKeyToAttribute:output_type -> policy.attributes.AssignPublicKeyToAttributeResponse - 42, // 94: policy.attributes.AttributesService.RemovePublicKeyFromAttribute:output_type -> policy.attributes.RemovePublicKeyFromAttributeResponse - 44, // 95: policy.attributes.AttributesService.AssignPublicKeyToValue:output_type -> policy.attributes.AssignPublicKeyToValueResponse - 46, // 96: policy.attributes.AttributesService.RemovePublicKeyFromValue:output_type -> policy.attributes.RemovePublicKeyFromValueResponse - 77, // [77:97] is the sub-list for method output_type - 57, // [57:77] is the sub-list for method input_type - 57, // [57:57] is the sub-list for extension type_name - 57, // [57:57] is the sub-list for extension extendee - 0, // [0:57] is the sub-list for field type_name + 63, // 27: policy.attributes.CreateAttributeValueRequest.metadata:type_name -> common.MetadataMutable + 65, // 28: policy.attributes.CreateAttributeValueResponse.value:type_name -> policy.Value + 63, // 29: policy.attributes.UpdateAttributeValueRequest.metadata:type_name -> common.MetadataMutable + 64, // 30: policy.attributes.UpdateAttributeValueRequest.metadata_update_behavior:type_name -> common.MetadataUpdateEnum + 65, // 31: policy.attributes.UpdateAttributeValueResponse.value:type_name -> policy.Value + 65, // 32: policy.attributes.DeactivateAttributeValueResponse.value:type_name -> policy.Value + 50, // 33: policy.attributes.GetAttributeValuesByFqnsResponse.fqn_attribute_values:type_name -> policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry + 52, // 34: policy.attributes.GetKeyMappingsByFqnsResponse.fqn_key_mappings:type_name -> policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry + 54, // 35: policy.attributes.GetEntitleableAttributesByFqnsResponse.fqn_entitleable_attributes:type_name -> policy.attributes.GetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry + 1, // 36: policy.attributes.AssignKeyAccessServerToAttributeRequest.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer + 1, // 37: policy.attributes.AssignKeyAccessServerToAttributeResponse.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer + 1, // 38: policy.attributes.RemoveKeyAccessServerFromAttributeRequest.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer + 1, // 39: policy.attributes.RemoveKeyAccessServerFromAttributeResponse.attribute_key_access_server:type_name -> policy.attributes.AttributeKeyAccessServer + 2, // 40: policy.attributes.AssignKeyAccessServerToValueRequest.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer + 2, // 41: policy.attributes.AssignKeyAccessServerToValueResponse.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer + 2, // 42: policy.attributes.RemoveKeyAccessServerFromValueRequest.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer + 2, // 43: policy.attributes.RemoveKeyAccessServerFromValueResponse.value_key_access_server:type_name -> policy.attributes.ValueKeyAccessServer + 3, // 44: policy.attributes.AssignPublicKeyToAttributeRequest.attribute_key:type_name -> policy.attributes.AttributeKey + 3, // 45: policy.attributes.AssignPublicKeyToAttributeResponse.attribute_key:type_name -> policy.attributes.AttributeKey + 3, // 46: policy.attributes.RemovePublicKeyFromAttributeRequest.attribute_key:type_name -> policy.attributes.AttributeKey + 3, // 47: policy.attributes.RemovePublicKeyFromAttributeResponse.attribute_key:type_name -> policy.attributes.AttributeKey + 4, // 48: policy.attributes.AssignPublicKeyToValueRequest.value_key:type_name -> policy.attributes.ValueKey + 4, // 49: policy.attributes.AssignPublicKeyToValueResponse.value_key:type_name -> policy.attributes.ValueKey + 4, // 50: policy.attributes.RemovePublicKeyFromValueRequest.value_key:type_name -> policy.attributes.ValueKey + 4, // 51: policy.attributes.RemovePublicKeyFromValueResponse.value_key:type_name -> policy.attributes.ValueKey + 59, // 52: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue.attribute:type_name -> policy.Attribute + 65, // 53: policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue.value:type_name -> policy.Value + 49, // 54: policy.attributes.GetAttributeValuesByFqnsResponse.FqnAttributeValuesEntry.value:type_name -> policy.attributes.GetAttributeValuesByFqnsResponse.AttributeAndValue + 61, // 55: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping.rule:type_name -> policy.AttributeRuleTypeEnum + 69, // 56: policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping.keys:type_name -> policy.SimpleKasKey + 51, // 57: policy.attributes.GetKeyMappingsByFqnsResponse.FqnKeyMappingsEntry.value:type_name -> policy.attributes.GetKeyMappingsByFqnsResponse.AttributeKeyMapping + 61, // 58: policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute.rule:type_name -> policy.AttributeRuleTypeEnum + 70, // 59: policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute.subject_mappings:type_name -> policy.SubjectMapping + 53, // 60: policy.attributes.GetEntitleableAttributesByFqnsResponse.FqnEntitleableAttributesEntry.value:type_name -> policy.attributes.GetEntitleableAttributesByFqnsResponse.EntitleableAttribute + 6, // 61: policy.attributes.AttributesService.ListAttributes:input_type -> policy.attributes.ListAttributesRequest + 18, // 62: policy.attributes.AttributesService.ListAttributeValues:input_type -> policy.attributes.ListAttributeValuesRequest + 8, // 63: policy.attributes.AttributesService.GetAttribute:input_type -> policy.attributes.GetAttributeRequest + 27, // 64: policy.attributes.AttributesService.GetAttributeValuesByFqns:input_type -> policy.attributes.GetAttributeValuesByFqnsRequest + 29, // 65: policy.attributes.AttributesService.GetKeyMappingsByFqns:input_type -> policy.attributes.GetKeyMappingsByFqnsRequest + 31, // 66: policy.attributes.AttributesService.GetEntitleableAttributesByFqns:input_type -> policy.attributes.GetEntitleableAttributesByFqnsRequest + 10, // 67: policy.attributes.AttributesService.CreateAttribute:input_type -> policy.attributes.CreateAttributeRequest + 12, // 68: policy.attributes.AttributesService.UpdateAttribute:input_type -> policy.attributes.UpdateAttributeRequest + 14, // 69: policy.attributes.AttributesService.DeactivateAttribute:input_type -> policy.attributes.DeactivateAttributeRequest + 16, // 70: policy.attributes.AttributesService.GetAttributeValue:input_type -> policy.attributes.GetAttributeValueRequest + 21, // 71: policy.attributes.AttributesService.CreateAttributeValue:input_type -> policy.attributes.CreateAttributeValueRequest + 23, // 72: policy.attributes.AttributesService.UpdateAttributeValue:input_type -> policy.attributes.UpdateAttributeValueRequest + 25, // 73: policy.attributes.AttributesService.DeactivateAttributeValue:input_type -> policy.attributes.DeactivateAttributeValueRequest + 33, // 74: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute:input_type -> policy.attributes.AssignKeyAccessServerToAttributeRequest + 35, // 75: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute:input_type -> policy.attributes.RemoveKeyAccessServerFromAttributeRequest + 37, // 76: policy.attributes.AttributesService.AssignKeyAccessServerToValue:input_type -> policy.attributes.AssignKeyAccessServerToValueRequest + 39, // 77: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue:input_type -> policy.attributes.RemoveKeyAccessServerFromValueRequest + 41, // 78: policy.attributes.AttributesService.AssignPublicKeyToAttribute:input_type -> policy.attributes.AssignPublicKeyToAttributeRequest + 43, // 79: policy.attributes.AttributesService.RemovePublicKeyFromAttribute:input_type -> policy.attributes.RemovePublicKeyFromAttributeRequest + 45, // 80: policy.attributes.AttributesService.AssignPublicKeyToValue:input_type -> policy.attributes.AssignPublicKeyToValueRequest + 47, // 81: policy.attributes.AttributesService.RemovePublicKeyFromValue:input_type -> policy.attributes.RemovePublicKeyFromValueRequest + 7, // 82: policy.attributes.AttributesService.ListAttributes:output_type -> policy.attributes.ListAttributesResponse + 19, // 83: policy.attributes.AttributesService.ListAttributeValues:output_type -> policy.attributes.ListAttributeValuesResponse + 9, // 84: policy.attributes.AttributesService.GetAttribute:output_type -> policy.attributes.GetAttributeResponse + 28, // 85: policy.attributes.AttributesService.GetAttributeValuesByFqns:output_type -> policy.attributes.GetAttributeValuesByFqnsResponse + 30, // 86: policy.attributes.AttributesService.GetKeyMappingsByFqns:output_type -> policy.attributes.GetKeyMappingsByFqnsResponse + 32, // 87: policy.attributes.AttributesService.GetEntitleableAttributesByFqns:output_type -> policy.attributes.GetEntitleableAttributesByFqnsResponse + 11, // 88: policy.attributes.AttributesService.CreateAttribute:output_type -> policy.attributes.CreateAttributeResponse + 13, // 89: policy.attributes.AttributesService.UpdateAttribute:output_type -> policy.attributes.UpdateAttributeResponse + 15, // 90: policy.attributes.AttributesService.DeactivateAttribute:output_type -> policy.attributes.DeactivateAttributeResponse + 17, // 91: policy.attributes.AttributesService.GetAttributeValue:output_type -> policy.attributes.GetAttributeValueResponse + 22, // 92: policy.attributes.AttributesService.CreateAttributeValue:output_type -> policy.attributes.CreateAttributeValueResponse + 24, // 93: policy.attributes.AttributesService.UpdateAttributeValue:output_type -> policy.attributes.UpdateAttributeValueResponse + 26, // 94: policy.attributes.AttributesService.DeactivateAttributeValue:output_type -> policy.attributes.DeactivateAttributeValueResponse + 34, // 95: policy.attributes.AttributesService.AssignKeyAccessServerToAttribute:output_type -> policy.attributes.AssignKeyAccessServerToAttributeResponse + 36, // 96: policy.attributes.AttributesService.RemoveKeyAccessServerFromAttribute:output_type -> policy.attributes.RemoveKeyAccessServerFromAttributeResponse + 38, // 97: policy.attributes.AttributesService.AssignKeyAccessServerToValue:output_type -> policy.attributes.AssignKeyAccessServerToValueResponse + 40, // 98: policy.attributes.AttributesService.RemoveKeyAccessServerFromValue:output_type -> policy.attributes.RemoveKeyAccessServerFromValueResponse + 42, // 99: policy.attributes.AttributesService.AssignPublicKeyToAttribute:output_type -> policy.attributes.AssignPublicKeyToAttributeResponse + 44, // 100: policy.attributes.AttributesService.RemovePublicKeyFromAttribute:output_type -> policy.attributes.RemovePublicKeyFromAttributeResponse + 46, // 101: policy.attributes.AttributesService.AssignPublicKeyToValue:output_type -> policy.attributes.AssignPublicKeyToValueResponse + 48, // 102: policy.attributes.AttributesService.RemovePublicKeyFromValue:output_type -> policy.attributes.RemovePublicKeyFromValueResponse + 82, // [82:103] is the sub-list for method output_type + 61, // [61:82] is the sub-list for method input_type + 61, // [61:61] is the sub-list for extension type_name + 61, // [61:61] is the sub-list for extension extendee + 0, // [0:61] is the sub-list for field type_name } func init() { file_policy_attributes_attributes_proto_init() } @@ -4026,7 +4288,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignKeyAccessServerToAttributeRequest); i { + switch v := v.(*GetEntitleableAttributesByFqnsRequest); i { case 0: return &v.state case 1: @@ -4038,7 +4300,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignKeyAccessServerToAttributeResponse); i { + switch v := v.(*GetEntitleableAttributesByFqnsResponse); i { case 0: return &v.state case 1: @@ -4050,7 +4312,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemoveKeyAccessServerFromAttributeRequest); i { + switch v := v.(*AssignKeyAccessServerToAttributeRequest); i { case 0: return &v.state case 1: @@ -4062,7 +4324,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemoveKeyAccessServerFromAttributeResponse); i { + switch v := v.(*AssignKeyAccessServerToAttributeResponse); i { case 0: return &v.state case 1: @@ -4074,7 +4336,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignKeyAccessServerToValueRequest); i { + switch v := v.(*RemoveKeyAccessServerFromAttributeRequest); i { case 0: return &v.state case 1: @@ -4086,7 +4348,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignKeyAccessServerToValueResponse); i { + switch v := v.(*RemoveKeyAccessServerFromAttributeResponse); i { case 0: return &v.state case 1: @@ -4098,7 +4360,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemoveKeyAccessServerFromValueRequest); i { + switch v := v.(*AssignKeyAccessServerToValueRequest); i { case 0: return &v.state case 1: @@ -4110,7 +4372,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemoveKeyAccessServerFromValueResponse); i { + switch v := v.(*AssignKeyAccessServerToValueResponse); i { case 0: return &v.state case 1: @@ -4122,7 +4384,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignPublicKeyToAttributeRequest); i { + switch v := v.(*RemoveKeyAccessServerFromValueRequest); i { case 0: return &v.state case 1: @@ -4134,7 +4396,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignPublicKeyToAttributeResponse); i { + switch v := v.(*RemoveKeyAccessServerFromValueResponse); i { case 0: return &v.state case 1: @@ -4146,7 +4408,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemovePublicKeyFromAttributeRequest); i { + switch v := v.(*AssignPublicKeyToAttributeRequest); i { case 0: return &v.state case 1: @@ -4158,7 +4420,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[41].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemovePublicKeyFromAttributeResponse); i { + switch v := v.(*AssignPublicKeyToAttributeResponse); i { case 0: return &v.state case 1: @@ -4170,7 +4432,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignPublicKeyToValueRequest); i { + switch v := v.(*RemovePublicKeyFromAttributeRequest); i { case 0: return &v.state case 1: @@ -4182,7 +4444,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[43].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AssignPublicKeyToValueResponse); i { + switch v := v.(*RemovePublicKeyFromAttributeResponse); i { case 0: return &v.state case 1: @@ -4194,7 +4456,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[44].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemovePublicKeyFromValueRequest); i { + switch v := v.(*AssignPublicKeyToValueRequest); i { case 0: return &v.state case 1: @@ -4206,7 +4468,7 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[45].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RemovePublicKeyFromValueResponse); i { + switch v := v.(*AssignPublicKeyToValueResponse); i { case 0: return &v.state case 1: @@ -4218,7 +4480,19 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[46].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetAttributeValuesByFqnsResponse_AttributeAndValue); i { + switch v := v.(*RemovePublicKeyFromValueRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_attributes_attributes_proto_msgTypes[47].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RemovePublicKeyFromValueResponse); i { case 0: return &v.state case 1: @@ -4230,6 +4504,18 @@ func file_policy_attributes_attributes_proto_init() { } } file_policy_attributes_attributes_proto_msgTypes[48].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetAttributeValuesByFqnsResponse_AttributeAndValue); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_policy_attributes_attributes_proto_msgTypes[50].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GetKeyMappingsByFqnsResponse_AttributeKeyMapping); i { case 0: return &v.state @@ -4241,6 +4527,18 @@ func file_policy_attributes_attributes_proto_init() { return nil } } + file_policy_attributes_attributes_proto_msgTypes[52].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GetEntitleableAttributesByFqnsResponse_EntitleableAttribute); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_policy_attributes_attributes_proto_msgTypes[7].OneofWrappers = []interface{}{ (*GetAttributeRequest_AttributeId)(nil), @@ -4256,7 +4554,7 @@ func file_policy_attributes_attributes_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_policy_attributes_attributes_proto_rawDesc, NumEnums: 1, - NumMessages: 50, + NumMessages: 54, NumExtensions: 0, NumServices: 1, }, diff --git a/protocol/go/policy/attributes/attributes_grpc.pb.go b/protocol/go/policy/attributes/attributes_grpc.pb.go index f25b739a88..ba8e6c3c5e 100644 --- a/protocol/go/policy/attributes/attributes_grpc.pb.go +++ b/protocol/go/policy/attributes/attributes_grpc.pb.go @@ -24,6 +24,7 @@ const ( AttributesService_GetAttribute_FullMethodName = "/policy.attributes.AttributesService/GetAttribute" AttributesService_GetAttributeValuesByFqns_FullMethodName = "/policy.attributes.AttributesService/GetAttributeValuesByFqns" AttributesService_GetKeyMappingsByFqns_FullMethodName = "/policy.attributes.AttributesService/GetKeyMappingsByFqns" + AttributesService_GetEntitleableAttributesByFqns_FullMethodName = "/policy.attributes.AttributesService/GetEntitleableAttributesByFqns" AttributesService_CreateAttribute_FullMethodName = "/policy.attributes.AttributesService/CreateAttribute" AttributesService_UpdateAttribute_FullMethodName = "/policy.attributes.AttributesService/UpdateAttribute" AttributesService_DeactivateAttribute_FullMethodName = "/policy.attributes.AttributesService/DeactivateAttribute" @@ -58,6 +59,10 @@ type AttributesServiceClient interface { // Returns only key-mapping information (rule and effective KAS keys) for the // requested attribute value FQNs, for client-side key split construction. GetKeyMappingsByFqns(ctx context.Context, in *GetKeyMappingsByFqnsRequest, opts ...grpc.CallOption) (*GetKeyMappingsByFqnsResponse, error) + // Returns only entitlement-relevant information (rule, value identity, ordered + // definition values, and subject mappings) for the requested attribute value + // FQNs, for server-side decisioning / entitlement resolution. + GetEntitleableAttributesByFqns(ctx context.Context, in *GetEntitleableAttributesByFqnsRequest, opts ...grpc.CallOption) (*GetEntitleableAttributesByFqnsResponse, error) CreateAttribute(ctx context.Context, in *CreateAttributeRequest, opts ...grpc.CallOption) (*CreateAttributeResponse, error) UpdateAttribute(ctx context.Context, in *UpdateAttributeRequest, opts ...grpc.CallOption) (*UpdateAttributeResponse, error) DeactivateAttribute(ctx context.Context, in *DeactivateAttributeRequest, opts ...grpc.CallOption) (*DeactivateAttributeResponse, error) @@ -140,6 +145,15 @@ func (c *attributesServiceClient) GetKeyMappingsByFqns(ctx context.Context, in * return out, nil } +func (c *attributesServiceClient) GetEntitleableAttributesByFqns(ctx context.Context, in *GetEntitleableAttributesByFqnsRequest, opts ...grpc.CallOption) (*GetEntitleableAttributesByFqnsResponse, error) { + out := new(GetEntitleableAttributesByFqnsResponse) + err := c.cc.Invoke(ctx, AttributesService_GetEntitleableAttributesByFqns_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *attributesServiceClient) CreateAttribute(ctx context.Context, in *CreateAttributeRequest, opts ...grpc.CallOption) (*CreateAttributeResponse, error) { out := new(CreateAttributeResponse) err := c.cc.Invoke(ctx, AttributesService_CreateAttribute_FullMethodName, in, out, opts...) @@ -296,6 +310,10 @@ type AttributesServiceServer interface { // Returns only key-mapping information (rule and effective KAS keys) for the // requested attribute value FQNs, for client-side key split construction. GetKeyMappingsByFqns(context.Context, *GetKeyMappingsByFqnsRequest) (*GetKeyMappingsByFqnsResponse, error) + // Returns only entitlement-relevant information (rule, value identity, ordered + // definition values, and subject mappings) for the requested attribute value + // FQNs, for server-side decisioning / entitlement resolution. + GetEntitleableAttributesByFqns(context.Context, *GetEntitleableAttributesByFqnsRequest) (*GetEntitleableAttributesByFqnsResponse, error) CreateAttribute(context.Context, *CreateAttributeRequest) (*CreateAttributeResponse, error) UpdateAttribute(context.Context, *UpdateAttributeRequest) (*UpdateAttributeResponse, error) DeactivateAttribute(context.Context, *DeactivateAttributeRequest) (*DeactivateAttributeResponse, error) @@ -344,6 +362,9 @@ func (UnimplementedAttributesServiceServer) GetAttributeValuesByFqns(context.Con func (UnimplementedAttributesServiceServer) GetKeyMappingsByFqns(context.Context, *GetKeyMappingsByFqnsRequest) (*GetKeyMappingsByFqnsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetKeyMappingsByFqns not implemented") } +func (UnimplementedAttributesServiceServer) GetEntitleableAttributesByFqns(context.Context, *GetEntitleableAttributesByFqnsRequest) (*GetEntitleableAttributesByFqnsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetEntitleableAttributesByFqns not implemented") +} func (UnimplementedAttributesServiceServer) CreateAttribute(context.Context, *CreateAttributeRequest) (*CreateAttributeResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method CreateAttribute not implemented") } @@ -492,6 +513,24 @@ func _AttributesService_GetKeyMappingsByFqns_Handler(srv interface{}, ctx contex return interceptor(ctx, in, info, handler) } +func _AttributesService_GetEntitleableAttributesByFqns_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GetEntitleableAttributesByFqnsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AttributesServiceServer).GetEntitleableAttributesByFqns(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: AttributesService_GetEntitleableAttributesByFqns_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AttributesServiceServer).GetEntitleableAttributesByFqns(ctx, req.(*GetEntitleableAttributesByFqnsRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _AttributesService_CreateAttribute_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(CreateAttributeRequest) if err := dec(in); err != nil { @@ -789,6 +828,10 @@ var AttributesService_ServiceDesc = grpc.ServiceDesc{ MethodName: "GetKeyMappingsByFqns", Handler: _AttributesService_GetKeyMappingsByFqns_Handler, }, + { + MethodName: "GetEntitleableAttributesByFqns", + Handler: _AttributesService_GetEntitleableAttributesByFqns_Handler, + }, { MethodName: "CreateAttribute", Handler: _AttributesService_CreateAttribute_Handler, diff --git a/protocol/go/policy/attributes/attributesconnect/attributes.connect.go b/protocol/go/policy/attributes/attributesconnect/attributes.connect.go index 34db1bb81f..fbac9369c0 100644 --- a/protocol/go/policy/attributes/attributesconnect/attributes.connect.go +++ b/protocol/go/policy/attributes/attributesconnect/attributes.connect.go @@ -48,6 +48,9 @@ const ( // AttributesServiceGetKeyMappingsByFqnsProcedure is the fully-qualified name of the // AttributesService's GetKeyMappingsByFqns RPC. AttributesServiceGetKeyMappingsByFqnsProcedure = "/policy.attributes.AttributesService/GetKeyMappingsByFqns" + // AttributesServiceGetEntitleableAttributesByFqnsProcedure is the fully-qualified name of the + // AttributesService's GetEntitleableAttributesByFqns RPC. + AttributesServiceGetEntitleableAttributesByFqnsProcedure = "/policy.attributes.AttributesService/GetEntitleableAttributesByFqns" // AttributesServiceCreateAttributeProcedure is the fully-qualified name of the AttributesService's // CreateAttribute RPC. AttributesServiceCreateAttributeProcedure = "/policy.attributes.AttributesService/CreateAttribute" @@ -111,6 +114,10 @@ type AttributesServiceClient interface { // Returns only key-mapping information (rule and effective KAS keys) for the // requested attribute value FQNs, for client-side key split construction. GetKeyMappingsByFqns(context.Context, *connect.Request[attributes.GetKeyMappingsByFqnsRequest]) (*connect.Response[attributes.GetKeyMappingsByFqnsResponse], error) + // Returns only entitlement-relevant information (rule, value identity, ordered + // definition values, and subject mappings) for the requested attribute value + // FQNs, for server-side decisioning / entitlement resolution. + GetEntitleableAttributesByFqns(context.Context, *connect.Request[attributes.GetEntitleableAttributesByFqnsRequest]) (*connect.Response[attributes.GetEntitleableAttributesByFqnsResponse], error) CreateAttribute(context.Context, *connect.Request[attributes.CreateAttributeRequest]) (*connect.Response[attributes.CreateAttributeResponse], error) UpdateAttribute(context.Context, *connect.Request[attributes.UpdateAttributeRequest]) (*connect.Response[attributes.UpdateAttributeResponse], error) DeactivateAttribute(context.Context, *connect.Request[attributes.DeactivateAttributeRequest]) (*connect.Response[attributes.DeactivateAttributeResponse], error) @@ -189,6 +196,13 @@ func NewAttributesServiceClient(httpClient connect.HTTPClient, baseURL string, o connect.WithIdempotency(connect.IdempotencyNoSideEffects), connect.WithClientOptions(opts...), ), + getEntitleableAttributesByFqns: connect.NewClient[attributes.GetEntitleableAttributesByFqnsRequest, attributes.GetEntitleableAttributesByFqnsResponse]( + httpClient, + baseURL+AttributesServiceGetEntitleableAttributesByFqnsProcedure, + connect.WithSchema(attributesServiceMethods.ByName("GetEntitleableAttributesByFqns")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithClientOptions(opts...), + ), createAttribute: connect.NewClient[attributes.CreateAttributeRequest, attributes.CreateAttributeResponse]( httpClient, baseURL+AttributesServiceCreateAttributeProcedure, @@ -290,6 +304,7 @@ type attributesServiceClient struct { getAttribute *connect.Client[attributes.GetAttributeRequest, attributes.GetAttributeResponse] getAttributeValuesByFqns *connect.Client[attributes.GetAttributeValuesByFqnsRequest, attributes.GetAttributeValuesByFqnsResponse] getKeyMappingsByFqns *connect.Client[attributes.GetKeyMappingsByFqnsRequest, attributes.GetKeyMappingsByFqnsResponse] + getEntitleableAttributesByFqns *connect.Client[attributes.GetEntitleableAttributesByFqnsRequest, attributes.GetEntitleableAttributesByFqnsResponse] createAttribute *connect.Client[attributes.CreateAttributeRequest, attributes.CreateAttributeResponse] updateAttribute *connect.Client[attributes.UpdateAttributeRequest, attributes.UpdateAttributeResponse] deactivateAttribute *connect.Client[attributes.DeactivateAttributeRequest, attributes.DeactivateAttributeResponse] @@ -334,6 +349,12 @@ func (c *attributesServiceClient) GetKeyMappingsByFqns(ctx context.Context, req return c.getKeyMappingsByFqns.CallUnary(ctx, req) } +// GetEntitleableAttributesByFqns calls +// policy.attributes.AttributesService.GetEntitleableAttributesByFqns. +func (c *attributesServiceClient) GetEntitleableAttributesByFqns(ctx context.Context, req *connect.Request[attributes.GetEntitleableAttributesByFqnsRequest]) (*connect.Response[attributes.GetEntitleableAttributesByFqnsResponse], error) { + return c.getEntitleableAttributesByFqns.CallUnary(ctx, req) +} + // CreateAttribute calls policy.attributes.AttributesService.CreateAttribute. func (c *attributesServiceClient) CreateAttribute(ctx context.Context, req *connect.Request[attributes.CreateAttributeRequest]) (*connect.Response[attributes.CreateAttributeResponse], error) { return c.createAttribute.CallUnary(ctx, req) @@ -438,6 +459,10 @@ type AttributesServiceHandler interface { // Returns only key-mapping information (rule and effective KAS keys) for the // requested attribute value FQNs, for client-side key split construction. GetKeyMappingsByFqns(context.Context, *connect.Request[attributes.GetKeyMappingsByFqnsRequest]) (*connect.Response[attributes.GetKeyMappingsByFqnsResponse], error) + // Returns only entitlement-relevant information (rule, value identity, ordered + // definition values, and subject mappings) for the requested attribute value + // FQNs, for server-side decisioning / entitlement resolution. + GetEntitleableAttributesByFqns(context.Context, *connect.Request[attributes.GetEntitleableAttributesByFqnsRequest]) (*connect.Response[attributes.GetEntitleableAttributesByFqnsResponse], error) CreateAttribute(context.Context, *connect.Request[attributes.CreateAttributeRequest]) (*connect.Response[attributes.CreateAttributeResponse], error) UpdateAttribute(context.Context, *connect.Request[attributes.UpdateAttributeRequest]) (*connect.Response[attributes.UpdateAttributeResponse], error) DeactivateAttribute(context.Context, *connect.Request[attributes.DeactivateAttributeRequest]) (*connect.Response[attributes.DeactivateAttributeResponse], error) @@ -512,6 +537,13 @@ func NewAttributesServiceHandler(svc AttributesServiceHandler, opts ...connect.H connect.WithIdempotency(connect.IdempotencyNoSideEffects), connect.WithHandlerOptions(opts...), ) + attributesServiceGetEntitleableAttributesByFqnsHandler := connect.NewUnaryHandler( + AttributesServiceGetEntitleableAttributesByFqnsProcedure, + svc.GetEntitleableAttributesByFqns, + connect.WithSchema(attributesServiceMethods.ByName("GetEntitleableAttributesByFqns")), + connect.WithIdempotency(connect.IdempotencyNoSideEffects), + connect.WithHandlerOptions(opts...), + ) attributesServiceCreateAttributeHandler := connect.NewUnaryHandler( AttributesServiceCreateAttributeProcedure, svc.CreateAttribute, @@ -615,6 +647,8 @@ func NewAttributesServiceHandler(svc AttributesServiceHandler, opts ...connect.H attributesServiceGetAttributeValuesByFqnsHandler.ServeHTTP(w, r) case AttributesServiceGetKeyMappingsByFqnsProcedure: attributesServiceGetKeyMappingsByFqnsHandler.ServeHTTP(w, r) + case AttributesServiceGetEntitleableAttributesByFqnsProcedure: + attributesServiceGetEntitleableAttributesByFqnsHandler.ServeHTTP(w, r) case AttributesServiceCreateAttributeProcedure: attributesServiceCreateAttributeHandler.ServeHTTP(w, r) case AttributesServiceUpdateAttributeProcedure: @@ -674,6 +708,10 @@ func (UnimplementedAttributesServiceHandler) GetKeyMappingsByFqns(context.Contex return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.attributes.AttributesService.GetKeyMappingsByFqns is not implemented")) } +func (UnimplementedAttributesServiceHandler) GetEntitleableAttributesByFqns(context.Context, *connect.Request[attributes.GetEntitleableAttributesByFqnsRequest]) (*connect.Response[attributes.GetEntitleableAttributesByFqnsResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.attributes.AttributesService.GetEntitleableAttributesByFqns is not implemented")) +} + func (UnimplementedAttributesServiceHandler) CreateAttribute(context.Context, *connect.Request[attributes.CreateAttributeRequest]) (*connect.Response[attributes.CreateAttributeResponse], error) { return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.attributes.AttributesService.CreateAttribute is not implemented")) } diff --git a/sdk/sdkconnect/attributes.go b/sdk/sdkconnect/attributes.go index a7bb4a5599..8878278b32 100644 --- a/sdk/sdkconnect/attributes.go +++ b/sdk/sdkconnect/attributes.go @@ -22,6 +22,7 @@ type AttributesServiceClient interface { GetAttribute(ctx context.Context, req *attributes.GetAttributeRequest) (*attributes.GetAttributeResponse, error) GetAttributeValuesByFqns(ctx context.Context, req *attributes.GetAttributeValuesByFqnsRequest) (*attributes.GetAttributeValuesByFqnsResponse, error) GetKeyMappingsByFqns(ctx context.Context, req *attributes.GetKeyMappingsByFqnsRequest) (*attributes.GetKeyMappingsByFqnsResponse, error) + GetEntitleableAttributesByFqns(ctx context.Context, req *attributes.GetEntitleableAttributesByFqnsRequest) (*attributes.GetEntitleableAttributesByFqnsResponse, error) CreateAttribute(ctx context.Context, req *attributes.CreateAttributeRequest) (*attributes.CreateAttributeResponse, error) UpdateAttribute(ctx context.Context, req *attributes.UpdateAttributeRequest) (*attributes.UpdateAttributeResponse, error) DeactivateAttribute(ctx context.Context, req *attributes.DeactivateAttributeRequest) (*attributes.DeactivateAttributeResponse, error) @@ -84,6 +85,15 @@ func (w *AttributesServiceClientConnectWrapper) GetKeyMappingsByFqns(ctx context return res.Msg, err } +func (w *AttributesServiceClientConnectWrapper) GetEntitleableAttributesByFqns(ctx context.Context, req *attributes.GetEntitleableAttributesByFqnsRequest) (*attributes.GetEntitleableAttributesByFqnsResponse, error) { + // Wrap Connect RPC client request + res, err := w.AttributesServiceClient.GetEntitleableAttributesByFqns(ctx, connect.NewRequest(req)) + if res == nil { + return nil, err + } + return res.Msg, err +} + func (w *AttributesServiceClientConnectWrapper) CreateAttribute(ctx context.Context, req *attributes.CreateAttributeRequest) (*attributes.CreateAttributeResponse, error) { // Wrap Connect RPC client request res, err := w.AttributesServiceClient.CreateAttribute(ctx, connect.NewRequest(req)) diff --git a/service/integration/attributes_test.go b/service/integration/attributes_test.go index 9c4f0ff104..04a17de91f 100644 --- a/service/integration/attributes_test.go +++ b/service/integration/attributes_test.go @@ -1573,6 +1573,44 @@ func (s *AttributesSuite) Test_GetKeyMappingsByFqns() { validateSimpleKasKey(&s.Suite, kasKey, mappings[fqnAlpha].GetKeys()[0]) } +func (s *AttributesSuite) Test_GetEntitleableAttributesByFqns() { + value1 := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value1") + value2 := s.f.GetAttributeValueKey("example.com/attr/attr1/value/value2") + fqn1 := "https://example.com/attr/attr1/value/value1" + fqn2 := "https://example.com/attr/attr1/value/value2" + + resp, err := s.db.PolicyClient.GetEntitleableAttributesByFqns(s.ctx, &attributes.GetEntitleableAttributesByFqnsRequest{ + Fqns: []string{fqn1, fqn2}, + }) + s.Require().NoError(err) + s.Len(resp, 2) + + e1 := resp[fqn1] + s.Require().NotNil(e1) + s.Equal(fqn1, e1.GetFqn()) + s.Equal("https://example.com/attr/attr1", e1.GetAttributeFqn()) + s.Equal(value1.ID, e1.GetValueId()) + s.NotEqual(policy.AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED, e1.GetRule()) + s.Contains(e1.GetDefinitionValueFqns(), fqn1) + s.Contains(e1.GetDefinitionValueFqns(), fqn2) + // value1 has multiple value-level subject mappings in the fixtures; every + // returned mapping must belong to value1 (verifies grouping by FQN). + s.GreaterOrEqual(len(e1.GetSubjectMappings()), 3) + for _, sm := range e1.GetSubjectMappings() { + s.Equal(fqn1, sm.GetAttributeValue().GetFqn()) + s.NotEmpty(sm.GetId()) + s.NotNil(sm.GetSubjectConditionSet()) + } + + e2 := resp[fqn2] + s.Require().NotNil(e2) + s.Equal(value2.ID, e2.GetValueId()) + s.GreaterOrEqual(len(e2.GetSubjectMappings()), 1) + for _, sm := range e2.GetSubjectMappings() { + s.Equal(fqn2, sm.GetAttributeValue().GetFqn()) + } +} + func (s *AttributesSuite) Test_UnsafeUpdateAttribute_NormalizesCasing() { created, err := s.db.PolicyClient.CreateAttribute(s.ctx, &attributes.CreateAttributeRequest{ Name: "BANANA_PUDDING", diff --git a/service/policy/attributes/attributes.go b/service/policy/attributes/attributes.go index bd5c505fce..6d3ca4e1c4 100644 --- a/service/policy/attributes/attributes.go +++ b/service/policy/attributes/attributes.go @@ -189,6 +189,23 @@ func (s *AttributesService) GetKeyMappingsByFqns(ctx context.Context, return connect.NewResponse(rsp), nil } +func (s *AttributesService) GetEntitleableAttributesByFqns(ctx context.Context, + req *connect.Request[attributes.GetEntitleableAttributesByFqnsRequest], +) (*connect.Response[attributes.GetEntitleableAttributesByFqnsResponse], error) { + ctx, span := s.Start(ctx, "GetEntitleableAttributesByFqns") + defer span.End() + + rsp := &attributes.GetEntitleableAttributesByFqnsResponse{} + + entitleable, err := s.dbClient.GetEntitleableAttributesByFqns(ctx, req.Msg) + if err != nil { + return nil, db.StatusifyError(ctx, s.logger, err, db.ErrTextGetRetrievalFailed, slog.String("fqns", fmt.Sprintf("%v", req.Msg.GetFqns()))) + } + rsp.FqnEntitleableAttributes = entitleable + + return connect.NewResponse(rsp), nil +} + func (s *AttributesService) UpdateAttribute(ctx context.Context, req *connect.Request[attributes.UpdateAttributeRequest], ) (*connect.Response[attributes.UpdateAttributeResponse], error) { diff --git a/service/policy/attributes/attributes.proto b/service/policy/attributes/attributes.proto index 05129b7c64..71d72259a0 100644 --- a/service/policy/attributes/attributes.proto +++ b/service/policy/attributes/attributes.proto @@ -371,6 +371,42 @@ message GetKeyMappingsByFqnsResponse { map fqn_key_mappings = 1; } +/* + Entitleable Attributes By FQNs (server-side decisioning path) + + Narrow read API for Auth Service / Access PDP entitlement resolution. Given + attribute value FQNs, returns the attribute rule, the value identity, the + ordered definition value FQNs (for hierarchy rule logic), and the subject + mappings needed to resolve entitlements. It does not return KAS keys, grants, + resource mappings, obligations, or metadata. +*/ +message GetEntitleableAttributesByFqnsRequest { + // Required + // Fully Qualified Names of attribute values (i.e. https:///attr//value/), normalized to lower case. + repeated string fqns = 1 [(buf.validate.field).repeated = { + min_items: 1 + max_items: 250 + }]; +} +message GetEntitleableAttributesByFqnsResponse { + message EntitleableAttribute { + // the attribute value FQN this entry is for + string fqn = 1; + // the parent attribute definition FQN + string attribute_fqn = 2; + // the attribute rule, which drives rule logic during decisioning + AttributeRuleTypeEnum rule = 3; + // identity of the attribute value + string value_id = 4; + // the definition's value FQNs in order, used for hierarchy rule expansion + repeated string definition_value_fqns = 5; + // subject mappings used to resolve entitlements for this value + repeated policy.SubjectMapping subject_mappings = 6; + } + // map of FQNs to their entitleable attribute information, for O(1) lookup + map fqn_entitleable_attributes = 1; +} + /* Assign Key Access Server (KAS Grant) to Attribute and Value */ @@ -496,6 +532,12 @@ service AttributesService { rpc GetKeyMappingsByFqns(GetKeyMappingsByFqnsRequest) returns (GetKeyMappingsByFqnsResponse) { option idempotency_level = NO_SIDE_EFFECTS; } + // Returns only entitlement-relevant information (rule, value identity, ordered + // definition values, and subject mappings) for the requested attribute value + // FQNs, for server-side decisioning / entitlement resolution. + rpc GetEntitleableAttributesByFqns(GetEntitleableAttributesByFqnsRequest) returns (GetEntitleableAttributesByFqnsResponse) { + option idempotency_level = NO_SIDE_EFFECTS; + } rpc CreateAttribute(CreateAttributeRequest) returns (CreateAttributeResponse) {} diff --git a/service/policy/db/attribute_fqn.go b/service/policy/db/attribute_fqn.go index 014e7dab09..ad77f51163 100644 --- a/service/policy/db/attribute_fqn.go +++ b/service/policy/db/attribute_fqn.go @@ -2,6 +2,7 @@ package db import ( "context" + "encoding/json" "fmt" "log/slog" "strings" @@ -233,6 +234,104 @@ func (c *PolicyDBClient) GetKeyMappingsByFqns(ctx context.Context, r *attributes return mappings, nil } +// GetEntitleableAttributesByFqns returns, for each requested attribute value FQN, +// the information needed to resolve entitlements: the attribute rule, the value +// identity, the definition's ordered value FQNs (for hierarchy rule logic), and +// the value-level subject mappings. It runs two selective queries: the attribute +// FQN lookup for rule/value/sibling data, and a single subject-mapping-by-FQN +// query, avoiding the full-policy load used by the entitlement path today. +func (c *PolicyDBClient) GetEntitleableAttributesByFqns(ctx context.Context, r *attributes.GetEntitleableAttributesByFqnsRequest) (map[string]*attributes.GetEntitleableAttributesByFqnsResponse_EntitleableAttribute, error) { + ctx, span := c.Start(ctx, "DB:GetEntitleableAttributesByFqns") + defer span.End() + + fqns := r.GetFqns() + normalized := make([]string, len(fqns)) + for i, fqn := range fqns { + normalized[i] = strings.ToLower(fqn) + } + + pairs, err := c.GetAttributesByValueFqns(ctx, &attributes.GetAttributeValuesByFqnsRequest{Fqns: normalized}) + if err != nil { + return nil, err + } + + // Fetch value-level subject mappings for the requested FQNs in one query and + // group them by the value FQN they map to. + smRows, err := c.queries.getSubjectMappingsByValueFqns(ctx, normalized) + if err != nil { + return nil, db.WrapIfKnownInvalidQueryErr(err) + } + subjectMappingsByFqn := make(map[string][]*policy.SubjectMapping, len(smRows)) + for _, row := range smRows { + sm, err := hydrateSubjectMappingForEntitlement(row) + if err != nil { + return nil, err + } + subjectMappingsByFqn[row.ValueFqn] = append(subjectMappingsByFqn[row.ValueFqn], sm) + } + + entitleable := make(map[string]*attributes.GetEntitleableAttributesByFqnsResponse_EntitleableAttribute, len(pairs)) + for fqn, pair := range pairs { + attr := pair.GetAttribute() + + definitionValueFqns := make([]string, 0, len(attr.GetValues())) + for _, v := range attr.GetValues() { + definitionValueFqns = append(definitionValueFqns, v.GetFqn()) + } + + entitleable[fqn] = &attributes.GetEntitleableAttributesByFqnsResponse_EntitleableAttribute{ + Fqn: fqn, + AttributeFqn: attr.GetFqn(), + Rule: attr.GetRule(), + ValueId: pair.GetValue().GetId(), + DefinitionValueFqns: definitionValueFqns, + SubjectMappings: subjectMappingsByFqn[fqn], + } + } + + return entitleable, nil +} + +// hydrateSubjectMappingForEntitlement converts a getSubjectMappingsByValueFqns +// row into a policy.SubjectMapping, mirroring the hydration in ListSubjectMappings. +func hydrateSubjectMappingForEntitlement(row getSubjectMappingsByValueFqnsRow) (*policy.SubjectMapping, error) { + metadata := &common.Metadata{} + if err := unmarshalMetadata(row.Metadata, metadata); err != nil { + return nil, err + } + + av := &policy.Value{} + if err := unmarshalAttributeValue(row.AttributeValue, av); err != nil { + return nil, err + } + + stdActionsBytes, err := json.Marshal(row.StandardActions) + if err != nil { + return nil, fmt.Errorf("failed to marshal standard actions: %w", err) + } + customActionsBytes, err := json.Marshal(row.CustomActions) + if err != nil { + return nil, fmt.Errorf("failed to marshal custom actions: %w", err) + } + actions := []*policy.Action{} + if err := unmarshalAllActionsProto(stdActionsBytes, customActionsBytes, &actions); err != nil { + return nil, err + } + + scs := policy.SubjectConditionSet{} + if err := unmarshalSubjectConditionSet(row.SubjectConditionSet, &scs); err != nil { + return nil, err + } + + return &policy.SubjectMapping{ + Id: row.ID, + Metadata: metadata, + AttributeValue: av, + SubjectConditionSet: &scs, + Actions: actions, + }, nil +} + // resolveEffectiveKasKeys selects the effective mapped KAS keys for a value using // value > definition > namespace precedence, matching the SDK granter logic in // sdk/granter.go (newGranterFromService). diff --git a/service/policy/db/queries/subject_mappings.sql b/service/policy/db/queries/subject_mappings.sql index c82c6b6211..536a4e3d50 100644 --- a/service/policy/db/queries/subject_mappings.sql +++ b/service/policy/db/queries/subject_mappings.sql @@ -202,6 +202,66 @@ ORDER BY LIMIT @limit_ OFFSET @offset_; +-- name: getSubjectMappingsByValueFqns :many +-- Returns value-level subject mappings for the provided attribute value FQNs, +-- for entitlement resolution. Each row carries the value FQN it maps to so the +-- caller can group mappings by FQN. Namespace-level mappings (no attribute value) +-- are excluded by the inner join on attribute_values. +WITH subject_actions AS ( + SELECT + sma.subject_mapping_id, + COALESCE( + JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, + 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL + ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) + END + )) FILTER (WHERE a.is_standard = TRUE), + '[]'::JSONB + ) AS standard_actions, + COALESCE( + JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, + 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL + ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) + END + )) FILTER (WHERE a.is_standard = FALSE), + '[]'::JSONB + ) AS custom_actions + FROM subject_mapping_actions sma + JOIN actions a ON sma.action_id = a.id + LEFT JOIN attribute_namespaces ans ON ans.id = a.namespace_id + LEFT JOIN attribute_fqns ans_fqns ON ans_fqns.namespace_id = ans.id AND ans_fqns.attribute_id IS NULL AND ans_fqns.value_id IS NULL + GROUP BY sma.subject_mapping_id +) +SELECT + sm.id, + fqns.fqn AS value_fqn, + sa.standard_actions, + sa.custom_actions, + JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata, + JSON_BUILD_OBJECT( + 'id', scs.id, + 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata->'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)), + 'subject_sets', scs.condition, + 'namespace', CASE + WHEN scs.namespace_id IS NULL THEN NULL + ELSE JSON_BUILD_OBJECT('id', scs_ns.id, 'name', scs_ns.name, 'fqn', scs_ns_fqns.fqn) + END + ) AS subject_condition_set, + JSON_BUILD_OBJECT( + 'id', av.id, + 'value', av.value, + 'active', av.active, + 'fqn', fqns.fqn + ) AS attribute_value +FROM subject_mappings sm +JOIN attribute_values av ON sm.attribute_value_id = av.id +JOIN attribute_fqns fqns ON av.id = fqns.value_id +LEFT JOIN subject_actions sa ON sm.id = sa.subject_mapping_id +LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id +LEFT JOIN attribute_namespaces scs_ns ON scs_ns.id = scs.namespace_id +LEFT JOIN attribute_fqns scs_ns_fqns ON scs_ns_fqns.namespace_id = scs_ns.id AND scs_ns_fqns.attribute_id IS NULL AND scs_ns_fqns.value_id IS NULL +WHERE fqns.fqn = ANY(@value_fqns::TEXT[]); + -- name: getSubjectMapping :one SELECT sm.id, diff --git a/service/policy/db/subject_mappings.sql.go b/service/policy/db/subject_mappings.sql.go index ea5411c3e6..734ddaa7e9 100644 --- a/service/policy/db/subject_mappings.sql.go +++ b/service/policy/db/subject_mappings.sql.go @@ -352,6 +352,160 @@ func (q *Queries) getSubjectMapping(ctx context.Context, id string) (getSubjectM return i, err } +const getSubjectMappingsByValueFqns = `-- name: getSubjectMappingsByValueFqns :many +WITH subject_actions AS ( + SELECT + sma.subject_mapping_id, + COALESCE( + JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, + 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL + ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) + END + )) FILTER (WHERE a.is_standard = TRUE), + '[]'::JSONB + ) AS standard_actions, + COALESCE( + JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, + 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL + ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) + END + )) FILTER (WHERE a.is_standard = FALSE), + '[]'::JSONB + ) AS custom_actions + FROM subject_mapping_actions sma + JOIN actions a ON sma.action_id = a.id + LEFT JOIN attribute_namespaces ans ON ans.id = a.namespace_id + LEFT JOIN attribute_fqns ans_fqns ON ans_fqns.namespace_id = ans.id AND ans_fqns.attribute_id IS NULL AND ans_fqns.value_id IS NULL + GROUP BY sma.subject_mapping_id +) +SELECT + sm.id, + fqns.fqn AS value_fqn, + sa.standard_actions, + sa.custom_actions, + JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata, + JSON_BUILD_OBJECT( + 'id', scs.id, + 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata->'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)), + 'subject_sets', scs.condition, + 'namespace', CASE + WHEN scs.namespace_id IS NULL THEN NULL + ELSE JSON_BUILD_OBJECT('id', scs_ns.id, 'name', scs_ns.name, 'fqn', scs_ns_fqns.fqn) + END + ) AS subject_condition_set, + JSON_BUILD_OBJECT( + 'id', av.id, + 'value', av.value, + 'active', av.active, + 'fqn', fqns.fqn + ) AS attribute_value +FROM subject_mappings sm +JOIN attribute_values av ON sm.attribute_value_id = av.id +JOIN attribute_fqns fqns ON av.id = fqns.value_id +LEFT JOIN subject_actions sa ON sm.id = sa.subject_mapping_id +LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id +LEFT JOIN attribute_namespaces scs_ns ON scs_ns.id = scs.namespace_id +LEFT JOIN attribute_fqns scs_ns_fqns ON scs_ns_fqns.namespace_id = scs_ns.id AND scs_ns_fqns.attribute_id IS NULL AND scs_ns_fqns.value_id IS NULL +WHERE fqns.fqn = ANY($1::TEXT[]) +` + +type getSubjectMappingsByValueFqnsRow struct { + ID string `json:"id"` + ValueFqn string `json:"value_fqn"` + StandardActions interface{} `json:"standard_actions"` + CustomActions interface{} `json:"custom_actions"` + Metadata []byte `json:"metadata"` + SubjectConditionSet []byte `json:"subject_condition_set"` + AttributeValue []byte `json:"attribute_value"` +} + +// Returns value-level subject mappings for the provided attribute value FQNs, +// for entitlement resolution. Each row carries the value FQN it maps to so the +// caller can group mappings by FQN. Namespace-level mappings (no attribute value) +// are excluded by the inner join on attribute_values. +// +// WITH subject_actions AS ( +// SELECT +// sma.subject_mapping_id, +// COALESCE( +// JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, +// 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL +// ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) +// END +// )) FILTER (WHERE a.is_standard = TRUE), +// '[]'::JSONB +// ) AS standard_actions, +// COALESCE( +// JSONB_AGG(JSONB_BUILD_OBJECT('id', a.id, 'name', a.name, +// 'namespace', CASE WHEN a.namespace_id IS NULL THEN NULL +// ELSE JSONB_BUILD_OBJECT('id', ans.id, 'name', ans.name, 'fqn', ans_fqns.fqn) +// END +// )) FILTER (WHERE a.is_standard = FALSE), +// '[]'::JSONB +// ) AS custom_actions +// FROM subject_mapping_actions sma +// JOIN actions a ON sma.action_id = a.id +// LEFT JOIN attribute_namespaces ans ON ans.id = a.namespace_id +// LEFT JOIN attribute_fqns ans_fqns ON ans_fqns.namespace_id = ans.id AND ans_fqns.attribute_id IS NULL AND ans_fqns.value_id IS NULL +// GROUP BY sma.subject_mapping_id +// ) +// SELECT +// sm.id, +// fqns.fqn AS value_fqn, +// sa.standard_actions, +// sa.custom_actions, +// JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', sm.metadata -> 'labels', 'created_at', sm.created_at, 'updated_at', sm.updated_at)) AS metadata, +// JSON_BUILD_OBJECT( +// 'id', scs.id, +// 'metadata', JSON_STRIP_NULLS(JSON_BUILD_OBJECT('labels', scs.metadata->'labels', 'created_at', scs.created_at, 'updated_at', scs.updated_at)), +// 'subject_sets', scs.condition, +// 'namespace', CASE +// WHEN scs.namespace_id IS NULL THEN NULL +// ELSE JSON_BUILD_OBJECT('id', scs_ns.id, 'name', scs_ns.name, 'fqn', scs_ns_fqns.fqn) +// END +// ) AS subject_condition_set, +// JSON_BUILD_OBJECT( +// 'id', av.id, +// 'value', av.value, +// 'active', av.active, +// 'fqn', fqns.fqn +// ) AS attribute_value +// FROM subject_mappings sm +// JOIN attribute_values av ON sm.attribute_value_id = av.id +// JOIN attribute_fqns fqns ON av.id = fqns.value_id +// LEFT JOIN subject_actions sa ON sm.id = sa.subject_mapping_id +// LEFT JOIN subject_condition_set scs ON scs.id = sm.subject_condition_set_id +// LEFT JOIN attribute_namespaces scs_ns ON scs_ns.id = scs.namespace_id +// LEFT JOIN attribute_fqns scs_ns_fqns ON scs_ns_fqns.namespace_id = scs_ns.id AND scs_ns_fqns.attribute_id IS NULL AND scs_ns_fqns.value_id IS NULL +// WHERE fqns.fqn = ANY($1::TEXT[]) +func (q *Queries) getSubjectMappingsByValueFqns(ctx context.Context, valueFqns []string) ([]getSubjectMappingsByValueFqnsRow, error) { + rows, err := q.db.Query(ctx, getSubjectMappingsByValueFqns, valueFqns) + if err != nil { + return nil, err + } + defer rows.Close() + var items []getSubjectMappingsByValueFqnsRow + for rows.Next() { + var i getSubjectMappingsByValueFqnsRow + if err := rows.Scan( + &i.ID, + &i.ValueFqn, + &i.StandardActions, + &i.CustomActions, + &i.Metadata, + &i.SubjectConditionSet, + &i.AttributeValue, + ); err != nil { + return nil, err + } + items = append(items, i) + } + if err := rows.Err(); err != nil { + return nil, err + } + return items, nil +} + const listSubjectConditionSets = `-- name: listSubjectConditionSets :many WITH params AS (