diff --git a/cache/expand.go b/cache/expand.go index 58066eb..99fc297 100644 --- a/cache/expand.go +++ b/cache/expand.go @@ -28,8 +28,11 @@ func (c *Cache) ExpandRelation(on model.ObjectName, rn model.RelationName) []mod // iterate through relation set, determine if it "unions" with the given relation. for _, r := range rs { - if r.Subject != nil && r.Subject.Object == on { + switch { + case r.Subject != nil && r.Subject.Object == on: results = append(results, r.Subject.Relation) + case r.Direct != "": + results = append(results, c.ExpandRelation(on, model.RelationName(r.Direct))...) } } @@ -47,15 +50,17 @@ func (c *Cache) ExpandPermission(on model.ObjectName, pn model.PermissionName) [ results := []model.RelationName{} // starting object type and permission must exist in order to be expanded. - if o, ok := c.model.Objects[on]; !ok { + o, ok := c.model.Objects[on] + if !ok { return results - } else if _, ok := o.Permissions[pn]; !ok { + } + if _, ok := o.Permissions[pn]; !ok { return results } p := c.model.Objects[on].Permissions[pn] - results = append(results, expandUnion(p.Union)...) + results = append(results, c.expandUnion(o, p.Union...)...) for _, rn := range results { results = append(results, c.ExpandRelation(on, rn)...) @@ -65,10 +70,21 @@ func (c *Cache) ExpandPermission(on model.ObjectName, pn model.PermissionName) [ } // convert union []string to []model.RelationName. -func expandUnion(u []string) []model.RelationName { +func (c *Cache) expandUnion(o *model.Object, u ...string) []model.RelationName { result := []model.RelationName{} for _, v := range u { - result = append(result, model.RelationName(v)) + rn := model.RelationName(v) + result = append(result, rn) + + exp := lo.FilterMap(o.Relations[rn], func(r *model.Relation, _ int) (string, bool) { + if r.Direct == "" { + return "", false + } + _, ok := o.Relations[model.RelationName(r.Direct)] + return string(r.Direct), ok + + }) + result = append(result, c.expandUnion(o, exp...)...) } return result } diff --git a/cache/expand_test.go b/cache/expand_test.go index 2a419db..74f6c12 100644 --- a/cache/expand_test.go +++ b/cache/expand_test.go @@ -3,18 +3,22 @@ package cache_test import ( "encoding/json" "os" + "path/filepath" + "strings" "testing" "github.com/aserto-dev/azm/cache" "github.com/aserto-dev/azm/model" + v3 "github.com/aserto-dev/azm/v3" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) // load model cache from serialized model file. -func loadModelCache(t *testing.T, filepath string) *cache.Cache { - r, err := os.Open(filepath) +func loadModelCache(t *testing.T, path string) *cache.Cache { + r, err := os.Open(path) require.NoError(t, err) + defer r.Close() var mc model.Model dec := json.NewDecoder(r) @@ -25,6 +29,25 @@ func loadModelCache(t *testing.T, filepath string) *cache.Cache { return cache.New(&mc) } +// helper to regenerate the serialized cache from a manifest. +func loadFromManifest(t *testing.T, path string) *cache.Cache { // nolint:unused + r, err := os.Open(path) + require.NoError(t, err) + defer r.Close() + + m, err := v3.Load(r) + require.NoError(t, err) + + cachefile := strings.TrimSuffix(path, filepath.Ext(path)) + ".json" + w, err := os.Create(cachefile) + require.NoError(t, err) + defer w.Close() + + require.NoError(t, m.Write(w)) + + return cache.New(m) +} + func TestExpandRelation(t *testing.T) { mc := loadModelCache(t, "./expand_test.json") diff --git a/cache/expand_test.json b/cache/expand_test.json index 540500b..754443e 100644 --- a/cache/expand_test.json +++ b/cache/expand_test.json @@ -1,2706 +1,1255 @@ { "version": 1, "types": { - "application": { - "relations": { - "user": [] - } - }, - "group": { - "relations": { - "member": [] - } - }, - "identity": { - "relations": { - "identifier": [] - } - }, + "account": { "relations": { "owner": [{ "direct": "user" }] } }, + "group": { "relations": { "member": [{ "direct": "user" }] } }, + "identity": { "relations": { "identifier": [{ "direct": "user" }] } }, "machine": {}, - "resource": {}, "service": {}, "system": { "relations": { - "admin": [], + "admin": [{ "direct": "user" }], "directory-reader": [ - { - "subject": { - "object": "system", - "relation": "directory-writer" - } - } + { "direct": "directory-writer" }, + { "direct": "user" } ], "directory-store-reader": [ - { - "subject": { - "object": "system", - "relation": "directory-store-writer" - } - } + { "direct": "directory-store-writer" }, + { "direct": "user" } ], - "directory-store-writer": [], - "directory-writer": [], - "task-handler": [], - "task-manager": [], - "user": [] + "directory-store-writer": [{ "direct": "user" }], + "directory-writer": [{ "direct": "user" }], + "task-handler": [{ "direct": "user" }], + "task-manager": [{ "direct": "user" }] }, "permissions": { "aserto.authorizer.authorizer.v1.authorizer.decisiontree": { - "union": [ - "admin" - ] - }, - "aserto.authorizer.authorizer.v1.authorizer.is": { - "union": [ - "admin" - ] + "union": ["admin"] }, + "aserto.authorizer.authorizer.v1.authorizer.is": { "union": ["admin"] }, "aserto.authorizer.authorizer.v1.authorizer.query": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.authorizer.directory.v1.directory.createtenant": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.createuser": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteapplpermission": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteapplproperty": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteapplrole": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteresource": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deletetenant": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteuser": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteuserapplication": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteuserpermission": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteuserproperty": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.deleteuserrole": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.getapplpermissions": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["directory-reader", "admin"] }, "aserto.authorizer.directory.v1.directory.getapplproperties": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getapplroles": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getidentity": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getresource": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getuser": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getuserpermissions": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getuserproperties": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["directory-reader", "admin"] }, "aserto.authorizer.directory.v1.directory.getuserroles": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.getvalue": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.listresources": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.listtenants": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.listuserapplications": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.listusers": { - "union": [ - "admin", - "directory-reader" - ] + "union": ["admin", "directory-reader"] }, "aserto.authorizer.directory.v1.directory.loadusers": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setapplpermission": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setapplpermissions": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setapplproperties": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setapplproperty": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["directory-writer", "admin"] }, "aserto.authorizer.directory.v1.directory.setapplrole": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setapplroles": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setresource": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserpermission": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserpermissions": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserproperties": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserproperty": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserrole": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.setuserroles": { - "union": [ - "admin", - "directory-writer" - ] + "union": ["admin", "directory-writer"] }, "aserto.authorizer.directory.v1.directory.updateuser": { - "union": [ - "admin", - "directory-writer" - ] - }, - "aserto.authorizer.policy.v1.policy.getmodule": { - "union": [ - "admin" - ] + "union": ["admin", "directory-writer"] }, + "aserto.authorizer.policy.v1.policy.getmodule": { "union": ["admin"] }, "aserto.authorizer.policy.v1.policy.getpolicies": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.authorizer.policy.v1.policy.listpolicies": { - "union": [ - "admin" - ] - }, - "aserto.authorizer.system.v1.system.getruntime": { - "union": [ - "admin" - ] + "union": ["admin"] }, + "aserto.authorizer.system.v1.system.getruntime": { "union": ["admin"] }, "aserto.authorizer.system.v1.system.setloglevel": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.authorizer.system.v1.system.setupruntime": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.authorizer.system.v1.system.tenantconfig": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.authorizer.system.v1.system.unloadruntime": { - "union": [ - "admin" - ] - }, - "aserto.common.info.v1.config.get": { - "union": [ - "admin" - ] - }, - "aserto.common.info.v1.info.info": { - "union": [ - "admin" - ] - }, - "aserto.decision.logs.v1.decisionlogs.executequery": { - "union": [ - "admin" - ] - }, - "aserto.decision.logs.v1.decisionlogs.getdecisionlog": { - "union": [ - "admin" - ] + "union": ["admin"] }, - "aserto.decision.logs.v1.decisionlogs.getdecisions": { - "union": [ - "admin" - ] + "aserto.common.info.v1.config.get": { "union": ["admin"] }, + "aserto.common.info.v1.info.info": { "union": ["admin"] }, + "aserto.decision_logs.v1.decisionlogs.executequery": { + "union": ["admin"] }, - "aserto.decision.logs.v1.decisionlogs.getuser": { - "union": [ - "admin" - ] + "aserto.decision_logs.v1.decisionlogs.getdecisionlog": { + "union": ["admin"] }, - "aserto.decision.logs.v1.decisionlogs.listdecisionlogs": { - "union": [ - "admin" - ] + "aserto.decision_logs.v1.decisionlogs.getdecisions": { + "union": ["admin"] }, - "aserto.decision.logs.v1.decisionlogs.listusers": { - "union": [ - "admin" - ] + "aserto.decision_logs.v1.decisionlogs.getuser": { "union": ["admin"] }, + "aserto.decision_logs.v1.decisionlogs.listdecisionlogs": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.executequery": { - "union": [ - "admin" - ] + "aserto.decision_logs.v1.decisionlogs.listusers": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.getdecisionlog": { - "union": [ - "admin" - ] + "aserto.decision_logs.v2.decisionlogs.executequery": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.getdecisions": { - "union": [ - "admin" - ] + "aserto.decision_logs.v2.decisionlogs.getdecisionlog": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.getuser": { - "union": [ - "admin" - ] + "aserto.decision_logs.v2.decisionlogs.getdecisions": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.listdecisionlogs": { - "union": [ - "admin" - ] + "aserto.decision_logs.v2.decisionlogs.getuser": { "union": ["admin"] }, + "aserto.decision_logs.v2.decisionlogs.listdecisionlogs": { + "union": ["admin"] }, - "aserto.decision.logs.v2.decisionlogs.listusers": { - "union": [ - "admin" - ] + "aserto.decision_logs.v2.decisionlogs.listusers": { + "union": ["admin"] }, "aserto.directory.exporter.v2.exporter.export": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.importer.v2.importer.import": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.reader.v2.reader.checkpermission": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.checkrelation": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getgraph": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getobject": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getobjectmany": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getobjects": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getobjecttype": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getobjecttypes": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getpermission": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getpermissions": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getrelation": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getrelations": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getrelationtype": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.reader.v2.reader.getrelationtypes": { - "union": [ - "directory-reader" - ] + "union": ["directory-reader"] }, "aserto.directory.store.v2.store.createtenant": { - "union": [ - "directory-store-writer" - ] + "union": ["directory-store-writer"] }, "aserto.directory.store.v2.store.deletetenant": { - "union": [ - "directory-store-writer" - ] + "union": ["directory-store-writer"] }, "aserto.directory.store.v2.store.gettenant": { - "union": [ - "directory-store-reader" - ] + "union": ["directory-store-reader"] }, "aserto.directory.store.v2.store.info": { - "union": [ - "directory-store-writer" - ] + "union": ["directory-store-writer"] }, "aserto.directory.store.v2.store.listtenants": { - "union": [ - "directory-store-reader" - ] + "union": ["directory-store-reader"] }, "aserto.directory.store.v2.store.migrateschema": { - "union": [ - "directory-store-writer" - ] + "union": ["directory-store-writer"] }, "aserto.directory.writer.v2.writer.deleteobject": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.deleteobjecttype": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.deletepermission": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.deleterelation": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.deleterelationtype": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.setobject": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.setobjecttype": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.setpermission": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.setrelation": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.directory.writer.v2.writer.setrelationtype": { - "union": [ - "directory-writer" - ] + "union": ["directory-writer"] }, "aserto.discovery.policy.v1.discovery.opadiscovery": { - "union": [ - "admin" - ] + "union": ["admin"] }, "aserto.discovery.policy.v2.discovery.opainstancediscovery": { - "union": [ - "admin" - ] + "union": ["admin"] + }, + "aserto.funnel.v1.funnel.runworkflow": { "union": ["admin"] }, + "aserto.funnel.v1.funnel.startworkflow": { "union": ["admin"] }, + "aserto.funnel.v1.funnel.stopworkflow": { "union": ["admin"] }, + "aserto.maestro.system.aonadeleteorg": { "union": ["admin"] }, + "aserto.maestro.system.authorizerdeleteorg": { "union": ["admin"] }, + "aserto.maestro.system.harddeleteorg": { "union": ["admin"] }, + "aserto.maestro.system.tenantdeleteorg": { "union": ["admin"] }, + "aserto.maestro.user.getpolicystate": { "union": ["admin"] }, + "aserto.maestro.user.policy": { "union": ["admin"] }, + "aserto.maestro.user.testwf": { "union": ["admin"] }, + "aserto.management.v2.controller.commandstream": { "union": ["admin"] }, + "aserto.management.v2.controlplane.execcommand": { "union": ["admin"] }, + "aserto.management.v2.controlplane.listinstanceregistrations": { + "union": ["admin"] }, - "aserto.funnel.v1.funnel.runworkflow": { - "union": [ - "admin" - ] + "aserto.registry.v1.registry.createimage": { "union": ["admin"] }, + "aserto.registry.v1.registry.getreadaccesstoken": { + "union": ["admin"] }, - "aserto.funnel.v1.funnel.startworkflow": { - "union": [ - "admin" - ] + "aserto.registry.v1.registry.getwriteaccesstoken": { + "union": ["admin"] }, - "aserto.funnel.v1.funnel.stopworkflow": { - "union": [ - "admin" - ] + "aserto.registry.v1.registry.listdigests": { "union": ["admin"] }, + "aserto.registry.v1.registry.listimages": { "union": ["admin"] }, + "aserto.registry.v1.registry.listorgs": { "union": ["admin"] }, + "aserto.registry.v1.registry.listpublicimages": { "union": ["admin"] }, + "aserto.registry.v1.registry.listpublicorgs": { "union": ["admin"] }, + "aserto.registry.v1.registry.listtagswithdetails": { + "union": ["admin"] }, - "aserto.maestro.system.aonadeleteorg": { - "union": [ - "admin" - ] + "aserto.registry.v1.registry.removeimage": { "union": ["admin"] }, + "aserto.registry.v1.registry.repoavailable": { "union": ["admin"] }, + "aserto.registry.v1.registry.setimagevisibility": { + "union": ["admin"] }, - "aserto.maestro.system.authorizerdeleteorg": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.createpolicyimage": { + "union": ["admin"] }, - "aserto.maestro.system.harddeleteorg": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.deletepolicyimage": { + "union": ["admin"] }, - "aserto.maestro.system.tenantdeleteorg": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.getpolicyimage": { + "union": ["admin"] }, - "aserto.maestro.user.getpolicystate": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.listpolicyimages": { + "union": ["admin"] }, - "aserto.maestro.user.policy": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.listpublicpolicyimages": { + "union": ["admin"] }, - "aserto.maestro.user.testwf": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policy.updatepolicyimage": { + "union": ["admin"] }, - "aserto.management.v2.controller.commandstream": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.createpolicyrepo": { + "union": ["admin"] }, - "aserto.management.v2.controlplane.execcommand": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.deletepolicyrepo": { + "union": ["admin"] }, - "aserto.management.v2.controlplane.listinstanceregistrations": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.getpolicyrepo": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.createpolicyimage": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.listpolicyrepos": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.deletepolicyimage": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.listpublicpolicyrepos": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.getpolicyimage": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.policyrepo.updatepolicyrepo": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.listpolicyimages": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.tenant.listpublictenants": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.listpublicpolicyimages": { - "union": [ - "admin" - ] + "aserto.registry_tenant.v1.tenant.listtenants": { "union": ["admin"] }, + "aserto.system.v2.tenantcache.invalidatesecretskey": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.policy.updatepolicyimage": { - "union": [ - "admin" - ] + "aserto.task.handler.v1.handler.handlejob": { + "union": ["task-handler"] }, - "aserto.registry.tenant.v1.policyrepo.createpolicyrepo": { - "union": [ - "admin" - ] + "aserto.task.handler.v1.handler.handletask": { + "union": ["task-handler"] }, - "aserto.registry.tenant.v1.policyrepo.deletepolicyrepo": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.createjob": { + "union": ["task-manager"] }, - "aserto.registry.tenant.v1.policyrepo.getpolicyrepo": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.createtask": { + "union": ["task-manager"] }, - "aserto.registry.tenant.v1.policyrepo.listpolicyrepos": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.deletejob": { + "union": ["task-manager"] }, - "aserto.registry.tenant.v1.policyrepo.listpublicpolicyrepos": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.deletetask": { + "union": ["task-manager"] }, - "aserto.registry.tenant.v1.policyrepo.updatepolicyrepo": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.execjob": { "union": ["task-manager"] }, + "aserto.task.manager.v1.manager.exectask": { + "union": ["task-manager"] }, - "aserto.registry.tenant.v1.tenant.listpublictenants": { - "union": [ - "admin" - ] + "aserto.task.manager.v1.manager.getjob": { "union": ["task-manager"] }, + "aserto.task.manager.v1.manager.gettask": { "union": ["task-manager"] }, + "aserto.tenant.account.v1.account.getaccount": { "union": ["admin"] }, + "aserto.tenant.account.v1.account.listinvites": { "union": ["admin"] }, + "aserto.tenant.account.v1.account.signupaccount": { + "union": ["admin"] }, - "aserto.registry.tenant.v1.tenant.listtenants": { - "union": [ - "admin" - ] + "aserto.tenant.account.v1.account.updateaccount": { + "union": ["admin"] }, - "aserto.registry.v1.registry.createimage": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.connectionavailable": { + "union": ["admin"] }, - "aserto.registry.v1.registry.getreadaccesstoken": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.createconnection": { + "union": ["admin"] }, - "aserto.registry.v1.registry.getwriteaccesstoken": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.deleteconnection": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listdigests": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.getconnection": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listimages": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.listconnections": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listorgs": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.rotatesecret": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listpublicimages": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.updateconnection": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listpublicorgs": { - "union": [ - "admin" - ] + "aserto.tenant.connection.v1.connection.verifyconnection": { + "union": ["admin"] }, - "aserto.registry.v1.registry.listtagswithdetails": { - "union": [ - "admin" - ] + "aserto.tenant.onboarding.v1.onboarding.claimtenant": { + "union": ["admin"] }, - "aserto.registry.v1.registry.removeimage": { - "union": [ - "admin" - ] + "aserto.tenant.onboarding.v1.onboarding.inviteuser": { + "union": ["admin"] }, - "aserto.registry.v1.registry.repoavailable": { - "union": [ - "admin" - ] + "aserto.tenant.onboarding.v1.onboarding.tenantavailable": { + "union": ["admin"] }, - "aserto.registry.v1.registry.setimagevisibility": { - "union": [ - "admin" - ] + "aserto.tenant.policy.v1.policy.createpolicyref": { + "union": ["admin"] }, - "aserto.system.v2.tenantcache.invalidatesecretskey": { - "union": [ - "admin" - ] + "aserto.tenant.policy.v1.policy.deletepolicyref": { + "union": ["admin"] }, - "aserto.task.handler.v1.handler.handlejob": { - "union": [ - "task-handler" - ] + "aserto.tenant.policy.v1.policy.listpolicyrefs": { "union": ["admin"] }, + "aserto.tenant.policy.v1.policy.opadiscovery": { "union": ["admin"] }, + "aserto.tenant.policy.v1.policy.opainstancediscovery": { + "union": ["admin"] }, - "aserto.task.handler.v1.handler.handletask": { - "union": [ - "task-handler" - ] + "aserto.tenant.policy.v1.policy.updatepolicyref": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.createjob": { - "union": [ - "task-manager" - ] + "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilder": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.createtask": { - "union": [ - "task-manager" - ] + "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilder": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.deletejob": { - "union": [ - "task-manager" - ] + "aserto.tenant.policy_builder.v1.policybuilder.listpolicybuilders": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.deletetask": { - "union": [ - "task-manager" - ] + "aserto.tenant.profile.v1.profile.getinvites": { "union": ["admin"] }, + "aserto.tenant.profile.v1.profile.getprofile": { "union": ["admin"] }, + "aserto.tenant.profile.v1.profile.inviteuser": { "union": ["admin"] }, + "aserto.tenant.profile.v1.profile.removemember": { "union": ["admin"] }, + "aserto.tenant.profile.v1.profile.respondtoinvite": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.execjob": { - "union": [ - "task-manager" - ] + "aserto.tenant.provider.v1.provider.getprovider": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.exectask": { - "union": [ - "task-manager" - ] + "aserto.tenant.provider.v1.provider.listproviderkinds": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.getjob": { - "union": [ - "task-manager" - ] + "aserto.tenant.provider.v1.provider.listproviders": { + "union": ["admin"] }, - "aserto.task.manager.v1.manager.gettask": { - "union": [ - "task-manager" - ] + "aserto.tenant.registry.v1.registry.clonerepo": { "union": ["admin"] }, + "aserto.tenant.registry.v1.registry.createregistryrepo": { + "union": ["admin"] }, - "aserto.tenant.account.v1.account.getaccount": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.deleteregistryrepo": { + "union": ["admin"] }, - "aserto.tenant.account.v1.account.listinvites": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.getregistryrepotag": { + "union": ["admin"] }, - "aserto.tenant.account.v1.account.signupaccount": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.listorgs": { "union": ["admin"] }, + "aserto.tenant.registry.v1.registry.listregistryrepodigests": { + "union": ["admin"] }, - "aserto.tenant.account.v1.account.updateaccount": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.listregistryrepos": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.connectionavailable": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.listregistryrepotags": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.createconnection": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.registryrepoavailable": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.deleteconnection": { - "union": [ - "admin" - ] + "aserto.tenant.registry.v1.registry.validpolicyregistryrepotag": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.getconnection": { - "union": [ - "admin" - ] + "aserto.tenant.scc.v1.sourcecodectl.createrepo": { "union": ["admin"] }, + "aserto.tenant.scc.v1.sourcecodectl.getprofile": { "union": ["admin"] }, + "aserto.tenant.scc.v1.sourcecodectl.getrepo": { "union": ["admin"] }, + "aserto.tenant.scc.v1.sourcecodectl.isrepoconnected": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.listconnections": { - "union": [ - "admin" - ] + "aserto.tenant.scc.v1.sourcecodectl.listorg": { "union": ["admin"] }, + "aserto.tenant.scc.v1.sourcecodectl.listrepo": { "union": ["admin"] }, + "aserto.tenant.scc.v1.sourcecodectl.listtemplates": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.rotatesecret": { - "union": [ - "admin" - ] + "aserto.tenant.system.v1.system.deleteaccount": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.deletetenant": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.getaccount": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.getmachineaccount": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.updateconnection": { - "union": [ - "admin" - ] + "aserto.tenant.system.v1.system.listaccounts": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.listdeletedtenants": { + "union": ["admin"] }, - "aserto.tenant.connection.v1.connection.verifyconnection": { - "union": [ - "admin" - ] + "aserto.tenant.system.v1.system.listtenants": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.restoredeletedtenant": { + "union": ["admin"] }, - "aserto.tenant.onboarding.v1.onboarding.claimtenant": { - "union": [ - "admin" - ] + "aserto.tenant.system.v1.system.setaccountdeleted": { + "union": ["admin"] }, - "aserto.tenant.onboarding.v1.onboarding.inviteuser": { - "union": [ - "admin" - ] + "aserto.tenant.system.v1.system.setloglevel": { "union": ["admin"] }, + "aserto.tenant.system.v1.system.settenantdeleted": { + "union": ["admin"] + }, + "aserto.tenant.v2.account.deleteaccount": { "union": ["admin"] }, + "aserto.tenant.v2.instance.createinstance": { "union": ["admin"] }, + "aserto.tenant.v2.instance.deleteinstance": { "union": ["admin"] }, + "aserto.tenant.v2.instance.listinstance": { "union": ["admin"] }, + "aserto.tenant.v2.instance.updateinstance": { "union": ["admin"] }, + "aserto.tenant.v2.policy.createpolicy": { "union": ["admin"] }, + "aserto.tenant.v2.policy.deletepolicy": { "union": ["admin"] }, + "aserto.tenant.v2.policy.getpolicy": { "union": ["admin"] }, + "aserto.tenant.v2.policy.listpolicy": { "union": ["admin"] }, + "aserto.tenant.v2.policy.policynameavailable": { "union": ["admin"] }, + "aserto.tenant.v2.policy.updatepolicy": { "union": ["admin"] }, + "aserto.tenant.v2.policystate.getpolicystate": { "union": ["admin"] }, + "aserto.tenant.v2.policystate.setpolicystate": { "union": ["admin"] }, + "aserto.tenant.v2.repository.createrepository": { "union": ["admin"] }, + "aserto.tenant.v2.repository.deleterepository": { "union": ["admin"] }, + "aserto.tenant.v2.repository.getrepository": { "union": ["admin"] }, + "aserto.tenant.v2.repository.updaterepository": { "union": ["admin"] }, + "aserto.tenant.v2.source.createsource": { "union": ["admin"] }, + "aserto.tenant.v2.source.deletesource": { "union": ["admin"] }, + "aserto.tenant.v2.source.getsource": { "union": ["admin"] }, + "aserto.tenant.v2.source.updatesource": { "union": ["admin"] }, + "aserto.tenant.v2.tenant.deletetenant": { "union": ["admin"] }, + "grpc.reflection.v1alpha.serverreflection.serverreflectioninfo": { + "union": ["admin"] + } + } + }, + "tenant": { + "relations": { + "account": [{ "direct": "user" }], + "admin": [{ "direct": "owner" }, { "direct": "group" }], + "decision-log-reader": [{ "direct": "group" }], + "directory-client-reader": [ + { "direct": "directory-client-writer" }, + { "direct": "group" } + ], + "directory-client-writer": [{ "direct": "group" }], + "discovery-client": [{ "direct": "group" }], + "edge-authorizer": [{ "direct": "group" }], + "member": [ + { "direct": "owner" }, + { "direct": "admin" }, + { "direct": "group" } + ], + "owner": [{ "direct": "group" }], + "viewer": [ + { "direct": "owner" }, + { "direct": "admin" }, + { "direct": "member" }, + { "direct": "group" } + ] + }, + "permissions": { + "aserto.authorizer.authorizer.v1.authorizer.decisiontree": { + "union": ["member", "viewer", "owner", "admin"] }, - "aserto.tenant.onboarding.v1.onboarding.tenantavailable": { - "union": [ - "admin" - ] + "aserto.authorizer.authorizer.v1.authorizer.is": { + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.tenant.policy.builder.v1.policybuilder.createpolicybuilder": { - "union": [ - "admin" - ] + "aserto.authorizer.authorizer.v1.authorizer.query": { + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.tenant.policy.builder.v1.policybuilder.deletepolicybuilder": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.createtenant": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.policy.builder.v1.policybuilder.listpolicybuilders": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.createuser": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.createpolicyref": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteapplpermission": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.deletepolicyref": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteapplproperty": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.listpolicyrefs": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteapplrole": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.opadiscovery": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteresource": { + "union": ["owner", "admin", "member", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.opainstancediscovery": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deletetenant": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.policy.v1.policy.updatepolicyref": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteuser": { + "union": ["directory-client-writer", "admin"] }, - "aserto.tenant.profile.v1.profile.getinvites": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteuserapplication": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.profile.v1.profile.getprofile": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteuserpermission": { + "union": ["directory-client-writer", "admin"] }, - "aserto.tenant.profile.v1.profile.inviteuser": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteuserproperty": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.profile.v1.profile.removemember": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.deleteuserrole": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.profile.v1.profile.respondtoinvite": { + "aserto.authorizer.directory.v1.directory.getapplpermissions": { "union": [ + "member", + "viewer", + "directory-client-reader", + "owner", "admin" ] }, - "aserto.tenant.provider.v1.provider.getprovider": { + "aserto.authorizer.directory.v1.directory.getapplproperties": { "union": [ - "admin" + "admin", + "member", + "viewer", + "directory-client-reader", + "owner" ] }, - "aserto.tenant.provider.v1.provider.listproviderkinds": { + "aserto.authorizer.directory.v1.directory.getapplroles": { "union": [ - "admin" + "owner", + "admin", + "member", + "viewer", + "directory-client-reader" ] }, - "aserto.tenant.provider.v1.provider.listproviders": { + "aserto.authorizer.directory.v1.directory.getidentity": { "union": [ - "admin" + "admin", + "member", + "viewer", + "directory-client-reader", + "owner" ] }, - "aserto.tenant.registry.v1.registry.clonerepo": { + "aserto.authorizer.directory.v1.directory.getresource": { "union": [ - "admin" + "owner", + "admin", + "member", + "viewer", + "directory-client-reader" ] }, - "aserto.tenant.registry.v1.registry.createregistryrepo": { + "aserto.authorizer.directory.v1.directory.getuser": { "union": [ - "admin" + "viewer", + "directory-client-reader", + "owner", + "admin", + "member" ] }, - "aserto.tenant.registry.v1.registry.deleteregistryrepo": { + "aserto.authorizer.directory.v1.directory.getuserpermissions": { "union": [ - "admin" + "admin", + "member", + "viewer", + "directory-client-reader", + "owner" ] }, - "aserto.tenant.registry.v1.registry.getregistryrepotag": { + "aserto.authorizer.directory.v1.directory.getuserproperties": { "union": [ - "admin" + "owner", + "admin", + "member", + "viewer", + "directory-client-reader" ] }, - "aserto.tenant.registry.v1.registry.listorgs": { + "aserto.authorizer.directory.v1.directory.getuserroles": { "union": [ - "admin" + "owner", + "admin", + "member", + "viewer", + "directory-client-reader" ] }, - "aserto.tenant.registry.v1.registry.listregistryrepodigests": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.getvalue": { + "union": ["viewer", "directory-client-reader"] }, - "aserto.tenant.registry.v1.registry.listregistryrepos": { + "aserto.authorizer.directory.v1.directory.listresources": { "union": [ - "admin" + "owner", + "admin", + "member", + "viewer", + "directory-client-reader" ] }, - "aserto.tenant.registry.v1.registry.listregistryrepotags": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.listtenants": { + "union": ["viewer", "directory-client-reader"] }, - "aserto.tenant.registry.v1.registry.registryrepoavailable": { + "aserto.authorizer.directory.v1.directory.listuserapplications": { "union": [ - "admin" + "directory-client-reader", + "owner", + "admin", + "member", + "viewer" ] }, - "aserto.tenant.registry.v1.registry.validpolicyregistryrepotag": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.listusers": { + "union": ["directory-client-reader", "viewer"] }, - "aserto.tenant.scc.v1.sourcecodectl.createrepo": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.loadusers": { + "union": ["admin", "directory-client-writer"] }, - "aserto.tenant.scc.v1.sourcecodectl.getprofile": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.setapplpermission": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.scc.v1.sourcecodectl.getrepo": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.setapplpermissions": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.scc.v1.sourcecodectl.isrepoconnected": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.setapplproperties": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.scc.v1.sourcecodectl.listorg": { - "union": [ - "admin" - ] + "aserto.authorizer.directory.v1.directory.setapplproperty": { + "union": ["owner", "admin", "directory-client-writer"] }, - "aserto.tenant.scc.v1.sourcecodectl.listrepo": { - "union": [ - "admin" - ] - }, - "aserto.tenant.scc.v1.sourcecodectl.listtemplates": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.deleteaccount": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.deletetenant": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.getaccount": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.getmachineaccount": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.listaccounts": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.listdeletedtenants": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.listtenants": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.restoredeletedtenant": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.setaccountdeleted": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.setloglevel": { - "union": [ - "admin" - ] - }, - "aserto.tenant.system.v1.system.settenantdeleted": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.account.deleteaccount": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.instance.createinstance": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.instance.deleteinstance": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.instance.listinstance": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.instance.updateinstance": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.createpolicy": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.deletepolicy": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.getpolicy": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.listpolicy": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.policynameavailable": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policy.updatepolicy": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policystate.getpolicystate": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.policystate.setpolicystate": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.repository.createrepository": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.repository.deleterepository": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.repository.getrepository": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.repository.updaterepository": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.source.createsource": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.source.deletesource": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.source.getsource": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.source.updatesource": { - "union": [ - "admin" - ] - }, - "aserto.tenant.v2.tenant.deletetenant": { - "union": [ - "admin" - ] - }, - "grpc.reflection.v1alpha.serverreflection.serverreflectioninfo": { - "union": [ - "admin" - ] - } - } - }, - "tenant": { - "relations": { - "account": [], - "admin": [ - { - "subject": { - "object": "tenant", - "relation": "owner" - } - } - ], - "decision-log-reader": [], - "directory-client-reader": [ - { - "subject": { - "object": "tenant", - "relation": "directory-client-writer" - } - } - ], - "directory-client-writer": [], - "discovery-client": [], - "edge-authorizer": [], - "member": [ - { - "subject": { - "object": "tenant", - "relation": "owner" - } - }, - { - "subject": { - "object": "tenant", - "relation": "admin" - } - } - ], - "owner": [], - "viewer": [ - { - "subject": { - "object": "tenant", - "relation": "member" - } - }, - { - "subject": { - "object": "tenant", - "relation": "owner" - } - }, - { - "subject": { - "object": "tenant", - "relation": "admin" - } - } - ] - }, - "permissions": { - "aserto.authorizer.authorizer.v1.authorizer.decisiontree": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.authorizer.v1.authorizer.is": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.authorizer.v1.authorizer.query": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.createtenant": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.createuser": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteapplpermission": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteapplproperty": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteapplrole": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteresource": { - "union": [ - "directory-client-writer", - "member", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deletetenant": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteuser": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteuserapplication": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteuserpermission": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteuserproperty": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.deleteuserrole": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getapplpermissions": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getapplproperties": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getapplroles": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getidentity": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getresource": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getuser": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getuserpermissions": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getuserproperties": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getuserroles": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.getvalue": { - "union": [ - "directory-client-reader", - "viewer" - ] - }, - "aserto.authorizer.directory.v1.directory.listresources": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.listtenants": { - "union": [ - "directory-client-reader", - "viewer" - ] - }, - "aserto.authorizer.directory.v1.directory.listuserapplications": { - "union": [ - "directory-client-reader", - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.listusers": { - "union": [ - "directory-client-reader", - "viewer" - ] - }, - "aserto.authorizer.directory.v1.directory.loadusers": { - "union": [ - "directory-client-writer", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.setapplpermission": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.setapplpermissions": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.setapplproperties": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.setapplproperty": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] - }, - "aserto.authorizer.directory.v1.directory.setapplrole": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] + "aserto.authorizer.directory.v1.directory.setapplrole": { + "union": ["owner", "admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setapplroles": { - "union": [ - "directory-client-writer", - "owner", - "admin" - ] + "union": ["owner", "admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setresource": { - "union": [ - "directory-client-writer", - "member", - "owner", - "admin" - ] + "union": ["member", "directory-client-writer", "owner", "admin"] }, "aserto.authorizer.directory.v1.directory.setuserpermission": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setuserpermissions": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setuserproperties": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setuserproperty": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["directory-client-writer", "admin"] }, "aserto.authorizer.directory.v1.directory.setuserrole": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.setuserroles": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.directory.v1.directory.updateuser": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.authorizer.system.v1.system.unloadruntime": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.common.info.v1.info.info": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.decision.logs.v1.decisionlogs.executequery": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] - }, - "aserto.decision.logs.v1.decisionlogs.getdecisionlog": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] - }, - "aserto.decision.logs.v1.decisionlogs.getdecisions": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.decision.logs.v1.decisionlogs.getuser": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] - }, - "aserto.decision.logs.v1.decisionlogs.listdecisionlogs": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.executequery": { + "union": ["decision-log-reader", "owner", "admin", "member"] }, - "aserto.decision.logs.v1.decisionlogs.listusers": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.getdecisionlog": { + "union": ["owner", "admin", "member", "decision-log-reader"] }, - "aserto.decision.logs.v2.decisionlogs.executequery": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.getdecisions": { + "union": ["member", "decision-log-reader", "owner", "admin"] }, - "aserto.decision.logs.v2.decisionlogs.getdecisionlog": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.getuser": { + "union": ["member", "decision-log-reader", "owner", "admin"] }, - "aserto.decision.logs.v2.decisionlogs.getdecisions": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.listdecisionlogs": { + "union": ["member", "decision-log-reader", "owner", "admin"] }, - "aserto.decision.logs.v2.decisionlogs.getuser": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v1.decisionlogs.listusers": { + "union": ["decision-log-reader", "owner", "admin", "member"] }, - "aserto.decision.logs.v2.decisionlogs.listdecisionlogs": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v2.decisionlogs.executequery": { + "union": ["owner", "admin", "member", "decision-log-reader"] }, - "aserto.decision.logs.v2.decisionlogs.listusers": { - "union": [ - "member", - "owner", - "admin", - "decision-log-reader" - ] + "aserto.decision_logs.v2.decisionlogs.getdecisionlog": { + "union": ["member", "decision-log-reader", "owner", "admin"] + }, + "aserto.decision_logs.v2.decisionlogs.getdecisions": { + "union": ["owner", "admin", "member", "decision-log-reader"] + }, + "aserto.decision_logs.v2.decisionlogs.getuser": { + "union": ["owner", "admin", "member", "decision-log-reader"] + }, + "aserto.decision_logs.v2.decisionlogs.listdecisionlogs": { + "union": ["owner", "admin", "member", "decision-log-reader"] + }, + "aserto.decision_logs.v2.decisionlogs.listusers": { + "union": ["member", "decision-log-reader", "owner", "admin"] }, "aserto.directory.exporter.v2.exporter.export": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.importer.v2.importer.import": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.reader.v2.reader.checkpermission": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.checkrelation": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getgraph": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["directory-client-reader", "viewer"] }, "aserto.directory.reader.v2.reader.getobject": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getobjectmany": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getobjects": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getobjecttype": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getobjecttypes": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["directory-client-reader", "viewer"] }, "aserto.directory.reader.v2.reader.getpermission": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getpermissions": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getrelation": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getrelations": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getrelationtype": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["viewer", "directory-client-reader"] }, "aserto.directory.reader.v2.reader.getrelationtypes": { - "union": [ - "directory-client-reader", - "viewer" - ] + "union": ["directory-client-reader", "viewer"] }, "aserto.directory.writer.v2.writer.deleteobject": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.deleteobjecttype": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["directory-client-writer", "admin"] }, "aserto.directory.writer.v2.writer.deletepermission": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.deleterelation": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.deleterelationtype": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.setobject": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.setobjecttype": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.directory.writer.v2.writer.setpermission": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["directory-client-writer", "admin"] }, "aserto.directory.writer.v2.writer.setrelation": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["directory-client-writer", "admin"] }, "aserto.directory.writer.v2.writer.setrelationtype": { - "union": [ - "directory-client-writer", - "admin" - ] + "union": ["admin", "directory-client-writer"] }, "aserto.discovery.policy.v1.discovery.opadiscovery": { - "union": [ - "member", - "owner", - "admin", - "discovery-client" - ] + "union": ["owner", "admin", "member", "discovery-client"] }, "aserto.discovery.policy.v2.discovery.opainstancediscovery": { - "union": [ - "member", - "owner", - "admin", - "discovery-client" - ] + "union": ["member", "discovery-client", "owner", "admin"] }, "aserto.funnel.v1.funnel.runworkflow": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.funnel.v1.funnel.startworkflow": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.funnel.v1.funnel.stopworkflow": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.maestro.user.getpolicystate": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.maestro.user.policy": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.maestro.user.testwf": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.management.v2.controller.commandstream": { - "union": [ - "edge-authorizer" - ] - }, - "aserto.management.v2.controlplane.execcommand": { - "union": [ - "owner", - "admin" - ] - }, - "aserto.management.v2.controlplane.listinstanceregistrations": { - "union": [ - "owner", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.createpolicyimage": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.deletepolicyimage": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.getpolicyimage": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.listpolicyimages": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.listpublicpolicyimages": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] - }, - "aserto.registry.tenant.v1.policy.updatepolicyimage": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.registry.tenant.v1.policyrepo.createpolicyrepo": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.registry.tenant.v1.policyrepo.deletepolicyrepo": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, - "aserto.registry.tenant.v1.policyrepo.getpolicyrepo": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "aserto.funnel.v1.funnel.startworkflow": { + "union": ["owner", "admin", "member"] }, - "aserto.registry.tenant.v1.policyrepo.listpolicyrepos": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "aserto.funnel.v1.funnel.stopworkflow": { + "union": ["owner", "admin", "member"] }, - "aserto.registry.tenant.v1.policyrepo.updatepolicyrepo": { - "union": [ - "member", - "owner", - "admin" - ] + "aserto.maestro.user.getpolicystate": { + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.registry.tenant.v1.tenant.listpublictenants": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "aserto.maestro.user.policy": { "union": ["member", "owner", "admin"] }, + "aserto.maestro.user.testwf": { + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.registry.tenant.v1.tenant.listtenants": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "aserto.management.v2.controller.commandstream": { + "union": ["edge-authorizer"] + }, + "aserto.management.v2.controlplane.execcommand": { + "union": ["admin", "owner"] + }, + "aserto.management.v2.controlplane.listinstanceregistrations": { + "union": ["owner", "admin"] }, "aserto.registry.v1.registry.createimage": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["admin", "member", "owner"] }, "aserto.registry.v1.registry.getreadaccesstoken": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.registry.v1.registry.getwriteaccesstoken": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.registry.v1.registry.listdigests": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.registry.v1.registry.listimages": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.registry.v1.registry.listorgs": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.registry.v1.registry.listpublicimages": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.registry.v1.registry.listpublicorgs": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.registry.v1.registry.listtagswithdetails": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.registry.v1.registry.removeimage": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.registry.v1.registry.repoavailable": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.registry.v1.registry.setimagevisibility": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] + }, + "aserto.registry_tenant.v1.policy.createpolicyimage": { + "union": ["admin", "member", "owner"] + }, + "aserto.registry_tenant.v1.policy.deletepolicyimage": { + "union": ["owner", "admin", "member"] + }, + "aserto.registry_tenant.v1.policy.getpolicyimage": { + "union": ["viewer", "owner", "admin", "member"] + }, + "aserto.registry_tenant.v1.policy.listpolicyimages": { + "union": ["admin", "member", "viewer", "owner"] + }, + "aserto.registry_tenant.v1.policy.listpublicpolicyimages": { + "union": ["owner", "admin", "member", "viewer"] + }, + "aserto.registry_tenant.v1.policy.updatepolicyimage": { + "union": ["admin", "member", "owner"] + }, + "aserto.registry_tenant.v1.policyrepo.createpolicyrepo": { + "union": ["owner", "admin", "member"] + }, + "aserto.registry_tenant.v1.policyrepo.deletepolicyrepo": { + "union": ["owner", "admin", "member"] + }, + "aserto.registry_tenant.v1.policyrepo.getpolicyrepo": { + "union": ["owner", "admin", "member", "viewer"] + }, + "aserto.registry_tenant.v1.policyrepo.listpolicyrepos": { + "union": ["owner", "admin", "member", "viewer"] + }, + "aserto.registry_tenant.v1.policyrepo.updatepolicyrepo": { + "union": ["owner", "admin", "member"] + }, + "aserto.registry_tenant.v1.tenant.listpublictenants": { + "union": ["owner", "admin", "member", "viewer"] + }, + "aserto.registry_tenant.v1.tenant.listtenants": { + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.account.v1.account.getaccount": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.account.v1.account.listinvites": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.tenant.account.v1.account.signupaccount": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.account.v1.account.updateaccount": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.connection.v1.connection.connectionavailable": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.connection.v1.connection.createconnection": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, "aserto.tenant.connection.v1.connection.deleteconnection": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.connection.v1.connection.getconnection": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.connection.v1.connection.listconnections": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.connection.v1.connection.rotatesecret": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.connection.v1.connection.updateconnection": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.connection.v1.connection.verifyconnection": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, "aserto.tenant.onboarding.v1.onboarding.claimtenant": { - "union": [ - "owner" - ] + "union": ["owner"] }, "aserto.tenant.onboarding.v1.onboarding.inviteuser": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.onboarding.v1.onboarding.tenantavailable": { - "union": [ - "owner" - ] - }, - "aserto.tenant.policy.builder.v1.policybuilder.createpolicybuilder": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.tenant.policy.builder.v1.policybuilder.deletepolicybuilder": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.tenant.policy.builder.v1.policybuilder.listpolicybuilders": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner"] }, "aserto.tenant.policy.v1.policy.createpolicyref": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.policy.v1.policy.deletepolicyref": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, "aserto.tenant.policy.v1.policy.listpolicyrefs": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.policy.v1.policy.opadiscovery": { - "union": [ - "member", - "owner", - "viewer", - "admin", - "discovery-client" - ] + "union": ["owner", "admin", "member", "viewer", "discovery-client"] }, "aserto.tenant.policy.v1.policy.opainstancediscovery": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.policy.v1.policy.updatepolicyref": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] + }, + "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilde": { + "union": ["owner", "admin", "member"] + }, + "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilder": { + "union": ["owner", "admin", "member"] + }, + "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilde": { + "union": ["owner", "admin", "member"] + }, + "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilder": { + "union": ["owner", "admin", "member"] + }, + "aserto.tenant.policy_builder.v1.policybuilder.listpolicybuilders": { + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.profile.v1.profile.getinvites": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, - "aserto.tenant.profile.v1.profile.getprofile": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "aserto.tenant.profile.v1.profile.getprofile": { + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.profile.v1.profile.inviteuser": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.profile.v1.profile.removemember": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.profile.v1.profile.respondtoinvite": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.provider.v1.provider.getprovider": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.provider.v1.provider.listproviderkinds": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.provider.v1.provider.listproviders": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.registry.v1.registry.clonerepo": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.registry.v1.registry.createregistryrepo": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["admin", "member", "owner"] }, "aserto.tenant.registry.v1.registry.deleteregistryrepo": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["admin", "member", "owner"] }, "aserto.tenant.registry.v1.registry.getregistryrepotag": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.tenant.registry.v1.registry.listorgs": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.registry.v1.registry.listregistryrepodigests": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.tenant.registry.v1.registry.listregistryrepos": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.registry.v1.registry.listregistryrepotags": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.registry.v1.registry.registryrepoavailable": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.registry.v1.registry.validpolicyregistryrepotag": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.scc.v1.sourcecodectl.createrepo": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.scc.v1.sourcecodectl.getprofile": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.scc.v1.sourcecodectl.getrepo": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.scc.v1.sourcecodectl.isrepoconnected": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.scc.v1.sourcecodectl.listorg": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.tenant.scc.v1.sourcecodectl.listrepo": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.scc.v1.sourcecodectl.listtemplates": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.tenant.v2.account.deleteaccount": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin"] }, "aserto.tenant.v2.instance.createinstance": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.instance.deleteinstance": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.instance.listinstance": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["viewer", "owner", "admin", "member"] }, "aserto.tenant.v2.instance.updateinstance": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["admin", "member", "owner"] }, "aserto.tenant.v2.policy.createpolicy": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.policy.deletepolicy": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, "aserto.tenant.v2.policy.getpolicy": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.tenant.v2.policy.listpolicy": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.v2.policy.policynameavailable": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.policy.updatepolicy": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.policystate.getpolicystate": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["member", "viewer", "owner", "admin"] }, "aserto.tenant.v2.policystate.setpolicystate": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.repository.createrepository": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.repository.deleterepository": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.repository.getrepository": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] }, "aserto.tenant.v2.repository.updaterepository": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.source.createsource": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, "aserto.tenant.v2.source.deletesource": { - "union": [ - "member", - "owner", - "admin" - ] + "union": ["member", "owner", "admin"] }, "aserto.tenant.v2.source.getsource": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["admin", "member", "viewer", "owner"] }, "aserto.tenant.v2.source.updatesource": { - "union": [ - "member", - "owner", - "admin" - ] - }, - "aserto.tenant.v2.tenant.deletetenant": { - "union": [ - "owner", - "admin" - ] + "union": ["owner", "admin", "member"] }, + "aserto.tenant.v2.tenant.deletetenant": { "union": ["owner", "admin"] }, "grpc.reflection.v1alpha.serverreflection.serverreflectioninfo": { - "union": [ - "member", - "owner", - "viewer", - "admin" - ] + "union": ["owner", "admin", "member", "viewer"] } } }, - "tenant-name": { - "relations": { - "tenant": [] - } - }, - "user": { - "relations": { - "manager": [] - } - }, - "user-v1": {} - } + "tenant-name": { "relations": { "tenant": [{ "direct": "tenant" }] } }, + "user": { "relations": { "manager": [{ "direct": "user" }] } } + }, + "metadata": null } diff --git a/v3/manifest.go b/v3/manifest.go index 7e6876d..6bc9bca 100644 --- a/v3/manifest.go +++ b/v3/manifest.go @@ -13,7 +13,7 @@ const SupportedSchemaVersion int = 3 const ( unionIdentifier string = "|" intersectionIdentifier string = "&" - exclusionIdentifier string = "-" + exclusionIdentifier string = " - " relationIdentifier string = "#" wildcardIdentifier string = ":*" arrowIdentifier string = "->"