From 332492cc34b2f626bf468b9f489e8c23c8dca1ba Mon Sep 17 00:00:00 2001 From: Ronen Hilewicz Date: Thu, 30 Nov 2023 19:10:49 -0500 Subject: [PATCH] Wire parser to loader --- cache/expand_test.json | 2093 +++++++++++++++++++++++++++++++--------- cache/path_test.go | 23 +- model/model.json | 75 +- model/model_test.go | 10 +- parser/Azm.g4 | 2 +- parser/AzmLexer.interp | 2 +- parser/azm_lexer.go | 2 +- parser/parse.go | 30 + parser/parser_test.go | 39 +- v3/load.go | 75 +- v3/manifest.go | 147 +-- 11 files changed, 1729 insertions(+), 769 deletions(-) create mode 100644 parser/parse.go diff --git a/cache/expand_test.json b/cache/expand_test.json index 754443e..a182e7e 100644 --- a/cache/expand_test.json +++ b/cache/expand_test.json @@ -1,5 +1,5 @@ { - "version": 1, + "version": 2, "types": { "account": { "relations": { "owner": [{ "direct": "user" }] } }, "group": { "relations": { "member": [{ "direct": "user" }] } }, @@ -24,555 +24,882 @@ }, "permissions": { "aserto.authorizer.authorizer.v1.authorizer.decisiontree": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.authorizer.authorizer.v1.authorizer.is": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.authorizer.authorizer.v1.authorizer.is": { "union": ["admin"] }, "aserto.authorizer.authorizer.v1.authorizer.query": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.authorizer.directory.v1.directory.createtenant": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.createuser": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplpermission": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplproperty": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplrole": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteresource": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "directory-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.deletetenant": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuser": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "directory-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserapplication": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserpermission": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserproperty": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserrole": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.getapplpermissions": { - "union": ["directory-reader", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getapplproperties": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getapplroles": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getidentity": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "directory-reader" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.getresource": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getuser": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getuserpermissions": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getuserproperties": { - "union": ["directory-reader", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getuserroles": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.getvalue": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.listresources": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "directory-reader" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.listtenants": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.listuserapplications": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.listusers": { - "union": ["admin", "directory-reader"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-reader" } + ] }, "aserto.authorizer.directory.v1.directory.loadusers": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "directory-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.setapplpermission": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplpermissions": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplproperties": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplproperty": { - "union": ["directory-writer", "admin"] + "union": [ + { "rel_or_perm": "directory-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.setapplrole": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplroles": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setresource": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserpermission": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserpermissions": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "directory-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.setuserproperties": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserproperty": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserrole": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserroles": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] }, "aserto.authorizer.directory.v1.directory.updateuser": { - "union": ["admin", "directory-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-writer" } + ] + }, + "aserto.authorizer.policy.v1.policy.getmodule": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.authorizer.policy.v1.policy.getmodule": { "union": ["admin"] }, "aserto.authorizer.policy.v1.policy.getpolicies": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.authorizer.policy.v1.policy.listpolicies": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.authorizer.system.v1.system.getruntime": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.authorizer.system.v1.system.getruntime": { "union": ["admin"] }, "aserto.authorizer.system.v1.system.setloglevel": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.authorizer.system.v1.system.setupruntime": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.authorizer.system.v1.system.tenantconfig": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.authorizer.system.v1.system.unloadruntime": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.common.info.v1.config.get": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.common.info.v1.info.info": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.common.info.v1.config.get": { "union": ["admin"] }, - "aserto.common.info.v1.info.info": { "union": ["admin"] }, "aserto.decision_logs.v1.decisionlogs.executequery": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v1.decisionlogs.getdecisionlog": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v1.decisionlogs.getdecisions": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.decision_logs.v1.decisionlogs.getuser": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.decision_logs.v1.decisionlogs.getuser": { "union": ["admin"] }, "aserto.decision_logs.v1.decisionlogs.listdecisionlogs": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v1.decisionlogs.listusers": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v2.decisionlogs.executequery": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v2.decisionlogs.getdecisionlog": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v2.decisionlogs.getdecisions": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.decision_logs.v2.decisionlogs.getuser": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.decision_logs.v2.decisionlogs.getuser": { "union": ["admin"] }, "aserto.decision_logs.v2.decisionlogs.listdecisionlogs": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.decision_logs.v2.decisionlogs.listusers": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.directory.exporter.v2.exporter.export": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.exporter.v3.exporter.export": { + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.importer.v2.importer.import": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.importer.v3.importer.import": { + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.model.v3.model.deletemanifest": { + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.model.v3.model.getmanifest": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.model.v3.model.setmanifest": { + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.reader.v2.reader.checkpermission": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.checkrelation": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getgraph": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getobject": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getobjectmany": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getobjects": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getobjecttype": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getobjecttypes": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getpermission": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getpermissions": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getrelation": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getrelations": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getrelationtype": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.reader.v2.reader.getrelationtypes": { - "union": ["directory-reader"] + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.check": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.checkpermission": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.checkrelation": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getgraph": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getobject": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getobjectmany": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getobjects": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getrelation": { + "union": [{ "rel_or_perm": "directory-reader" }] + }, + "aserto.directory.reader.v3.reader.getrelations": { + "union": [{ "rel_or_perm": "directory-reader" }] }, "aserto.directory.store.v2.store.createtenant": { - "union": ["directory-store-writer"] + "union": [{ "rel_or_perm": "directory-store-writer" }] + }, + "aserto.directory.store.v2.store.deleteidpconnection": { + "union": [{ "rel_or_perm": "directory-store-writer" }] }, "aserto.directory.store.v2.store.deletetenant": { - "union": ["directory-store-writer"] + "union": [{ "rel_or_perm": "directory-store-writer" }] }, "aserto.directory.store.v2.store.gettenant": { - "union": ["directory-store-reader"] + "union": [{ "rel_or_perm": "directory-store-reader" }] }, "aserto.directory.store.v2.store.info": { - "union": ["directory-store-writer"] + "union": [{ "rel_or_perm": "directory-store-writer" }] }, "aserto.directory.store.v2.store.listtenants": { - "union": ["directory-store-reader"] + "union": [{ "rel_or_perm": "directory-store-reader" }] }, "aserto.directory.store.v2.store.migrateschema": { - "union": ["directory-store-writer"] + "union": [{ "rel_or_perm": "directory-store-writer" }] + }, + "aserto.directory.store.v2.store.purgedeletedtenants": { + "union": [{ "rel_or_perm": "directory-store-writer" }] }, "aserto.directory.writer.v2.writer.deleteobject": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.deleteobjecttype": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.deletepermission": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.deleterelation": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.deleterelationtype": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.setobject": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.setobjecttype": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.setpermission": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.setrelation": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.directory.writer.v2.writer.setrelationtype": { - "union": ["directory-writer"] + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.writer.v3.writer.deleteobject": { + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.writer.v3.writer.deleterelation": { + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.writer.v3.writer.setobject": { + "union": [{ "rel_or_perm": "directory-writer" }] + }, + "aserto.directory.writer.v3.writer.setrelation": { + "union": [{ "rel_or_perm": "directory-writer" }] }, "aserto.discovery.policy.v1.discovery.opadiscovery": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.discovery.policy.v2.discovery.opainstancediscovery": { - "union": ["admin"] - }, - "aserto.funnel.v1.funnel.runworkflow": { "union": ["admin"] }, - "aserto.funnel.v1.funnel.startworkflow": { "union": ["admin"] }, - "aserto.funnel.v1.funnel.stopworkflow": { "union": ["admin"] }, - "aserto.maestro.system.aonadeleteorg": { "union": ["admin"] }, - "aserto.maestro.system.authorizerdeleteorg": { "union": ["admin"] }, - "aserto.maestro.system.harddeleteorg": { "union": ["admin"] }, - "aserto.maestro.system.tenantdeleteorg": { "union": ["admin"] }, - "aserto.maestro.user.getpolicystate": { "union": ["admin"] }, - "aserto.maestro.user.policy": { "union": ["admin"] }, - "aserto.maestro.user.testwf": { "union": ["admin"] }, - "aserto.management.v2.controller.commandstream": { "union": ["admin"] }, - "aserto.management.v2.controlplane.execcommand": { "union": ["admin"] }, + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.funnel.v1.funnel.runworkflow": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.funnel.v1.funnel.startworkflow": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.funnel.v1.funnel.stopworkflow": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.system.aonadeleteorg": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.system.authorizerdeleteorg": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.system.harddeleteorg": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.system.tenantdeleteorg": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.user.getpolicystate": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.maestro.user.policy": { "union": [{ "rel_or_perm": "admin" }] }, + "aserto.maestro.user.testwf": { "union": [{ "rel_or_perm": "admin" }] }, + "aserto.management.v2.controller.commandstream": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.management.v2.controlplane.execcommand": { + "union": [{ "rel_or_perm": "admin" }] + }, "aserto.management.v2.controlplane.listinstanceregistrations": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.createimage": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.registry.v1.registry.createimage": { "union": ["admin"] }, "aserto.registry.v1.registry.getreadaccesstoken": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry.v1.registry.getwriteaccesstoken": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.listdigests": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.listimages": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.listorgs": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.listpublicimages": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.listpublicorgs": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.registry.v1.registry.listdigests": { "union": ["admin"] }, - "aserto.registry.v1.registry.listimages": { "union": ["admin"] }, - "aserto.registry.v1.registry.listorgs": { "union": ["admin"] }, - "aserto.registry.v1.registry.listpublicimages": { "union": ["admin"] }, - "aserto.registry.v1.registry.listpublicorgs": { "union": ["admin"] }, "aserto.registry.v1.registry.listtagswithdetails": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.removeimage": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry.v1.registry.repoavailable": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.registry.v1.registry.removeimage": { "union": ["admin"] }, - "aserto.registry.v1.registry.repoavailable": { "union": ["admin"] }, "aserto.registry.v1.registry.setimagevisibility": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.createpolicyimage": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.deletepolicyimage": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.getpolicyimage": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.listpolicyimages": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.listpublicpolicyimages": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.updatepolicyimage": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.createpolicyrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.deletepolicyrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.getpolicyrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.listpolicyrepos": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.listpublicpolicyrepos": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policyrepo.updatepolicyrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.tenant.listpublictenants": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.registry_tenant.v1.tenant.listtenants": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.registry_tenant.v1.tenant.listtenants": { "union": ["admin"] }, "aserto.system.v2.tenantcache.invalidatesecretskey": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.task.handler.v1.handler.handlejob": { - "union": ["task-handler"] + "union": [{ "rel_or_perm": "task-handler" }] }, "aserto.task.handler.v1.handler.handletask": { - "union": ["task-handler"] + "union": [{ "rel_or_perm": "task-handler" }] }, "aserto.task.manager.v1.manager.createjob": { - "union": ["task-manager"] + "union": [{ "rel_or_perm": "task-manager" }] }, "aserto.task.manager.v1.manager.createtask": { - "union": ["task-manager"] + "union": [{ "rel_or_perm": "task-manager" }] }, "aserto.task.manager.v1.manager.deletejob": { - "union": ["task-manager"] + "union": [{ "rel_or_perm": "task-manager" }] }, "aserto.task.manager.v1.manager.deletetask": { - "union": ["task-manager"] + "union": [{ "rel_or_perm": "task-manager" }] + }, + "aserto.task.manager.v1.manager.execjob": { + "union": [{ "rel_or_perm": "task-manager" }] }, - "aserto.task.manager.v1.manager.execjob": { "union": ["task-manager"] }, "aserto.task.manager.v1.manager.exectask": { - "union": ["task-manager"] + "union": [{ "rel_or_perm": "task-manager" }] + }, + "aserto.task.manager.v1.manager.getjob": { + "union": [{ "rel_or_perm": "task-manager" }] + }, + "aserto.task.manager.v1.manager.gettask": { + "union": [{ "rel_or_perm": "task-manager" }] + }, + "aserto.tenant.account.v1.account.getaccount": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.account.v1.account.listinvites": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.task.manager.v1.manager.getjob": { "union": ["task-manager"] }, - "aserto.task.manager.v1.manager.gettask": { "union": ["task-manager"] }, - "aserto.tenant.account.v1.account.getaccount": { "union": ["admin"] }, - "aserto.tenant.account.v1.account.listinvites": { "union": ["admin"] }, "aserto.tenant.account.v1.account.signupaccount": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.account.v1.account.updateaccount": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.connectionavailable": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.createconnection": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.deleteconnection": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.getconnection": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.listconnections": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.rotatesecret": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.updateconnection": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.verifyconnection": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.onboarding.v1.onboarding.claimtenant": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.onboarding.v1.onboarding.inviteuser": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.onboarding.v1.onboarding.tenantavailable": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.policy.v1.policy.createpolicyref": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.policy.v1.policy.deletepolicyref": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.policy.v1.policy.listpolicyrefs": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.policy.v1.policy.opadiscovery": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.policy.v1.policy.listpolicyrefs": { "union": ["admin"] }, - "aserto.tenant.policy.v1.policy.opadiscovery": { "union": ["admin"] }, "aserto.tenant.policy.v1.policy.opainstancediscovery": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.policy.v1.policy.updatepolicyref": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilder": { - "union": ["admin"] + "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilde": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilder": { - "union": ["admin"] + "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilde": { + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.policy_builder.v1.policybuilder.listpolicybuilders": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.profile.v1.profile.getinvites": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.profile.v1.profile.getprofile": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.profile.v1.profile.inviteuser": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.profile.v1.profile.removemember": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.profile.v1.profile.getinvites": { "union": ["admin"] }, - "aserto.tenant.profile.v1.profile.getprofile": { "union": ["admin"] }, - "aserto.tenant.profile.v1.profile.inviteuser": { "union": ["admin"] }, - "aserto.tenant.profile.v1.profile.removemember": { "union": ["admin"] }, "aserto.tenant.profile.v1.profile.respondtoinvite": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.provider.v1.provider.getprovider": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.provider.v1.provider.listproviderkinds": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.provider.v1.provider.listproviders": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.registry.v1.registry.clonerepo": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.registry.v1.registry.clonerepo": { "union": ["admin"] }, "aserto.tenant.registry.v1.registry.createregistryrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.deleteregistryrepo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.getregistryrepotag": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.registry.v1.registry.listorgs": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.registry.v1.registry.listorgs": { "union": ["admin"] }, "aserto.tenant.registry.v1.registry.listregistryrepodigests": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.listregistryrepos": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.listregistryrepotags": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.registryrepoavailable": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.registry.v1.registry.validpolicyregistryrepotag": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.scc.v1.sourcecodectl.createrepo": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.scc.v1.sourcecodectl.getprofile": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.scc.v1.sourcecodectl.getrepo": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.scc.v1.sourcecodectl.createrepo": { "union": ["admin"] }, - "aserto.tenant.scc.v1.sourcecodectl.getprofile": { "union": ["admin"] }, - "aserto.tenant.scc.v1.sourcecodectl.getrepo": { "union": ["admin"] }, "aserto.tenant.scc.v1.sourcecodectl.isrepoconnected": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.scc.v1.sourcecodectl.listorg": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.scc.v1.sourcecodectl.listrepo": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.scc.v1.sourcecodectl.listorg": { "union": ["admin"] }, - "aserto.tenant.scc.v1.sourcecodectl.listrepo": { "union": ["admin"] }, "aserto.tenant.scc.v1.sourcecodectl.listtemplates": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.deleteaccount": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.deletetenant": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.getaccount": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.system.v1.system.deleteaccount": { "union": ["admin"] }, - "aserto.tenant.system.v1.system.deletetenant": { "union": ["admin"] }, - "aserto.tenant.system.v1.system.getaccount": { "union": ["admin"] }, "aserto.tenant.system.v1.system.getmachineaccount": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.listaccounts": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.system.v1.system.listaccounts": { "union": ["admin"] }, "aserto.tenant.system.v1.system.listdeletedtenants": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.listtenants": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.system.v1.system.listtenants": { "union": ["admin"] }, "aserto.tenant.system.v1.system.restoredeletedtenant": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] }, "aserto.tenant.system.v1.system.setaccountdeleted": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.system.v1.system.setloglevel": { + "union": [{ "rel_or_perm": "admin" }] }, - "aserto.tenant.system.v1.system.setloglevel": { "union": ["admin"] }, "aserto.tenant.system.v1.system.settenantdeleted": { - "union": ["admin"] - }, - "aserto.tenant.v2.account.deleteaccount": { "union": ["admin"] }, - "aserto.tenant.v2.instance.createinstance": { "union": ["admin"] }, - "aserto.tenant.v2.instance.deleteinstance": { "union": ["admin"] }, - "aserto.tenant.v2.instance.listinstance": { "union": ["admin"] }, - "aserto.tenant.v2.instance.updateinstance": { "union": ["admin"] }, - "aserto.tenant.v2.policy.createpolicy": { "union": ["admin"] }, - "aserto.tenant.v2.policy.deletepolicy": { "union": ["admin"] }, - "aserto.tenant.v2.policy.getpolicy": { "union": ["admin"] }, - "aserto.tenant.v2.policy.listpolicy": { "union": ["admin"] }, - "aserto.tenant.v2.policy.policynameavailable": { "union": ["admin"] }, - "aserto.tenant.v2.policy.updatepolicy": { "union": ["admin"] }, - "aserto.tenant.v2.policystate.getpolicystate": { "union": ["admin"] }, - "aserto.tenant.v2.policystate.setpolicystate": { "union": ["admin"] }, - "aserto.tenant.v2.repository.createrepository": { "union": ["admin"] }, - "aserto.tenant.v2.repository.deleterepository": { "union": ["admin"] }, - "aserto.tenant.v2.repository.getrepository": { "union": ["admin"] }, - "aserto.tenant.v2.repository.updaterepository": { "union": ["admin"] }, - "aserto.tenant.v2.source.createsource": { "union": ["admin"] }, - "aserto.tenant.v2.source.deletesource": { "union": ["admin"] }, - "aserto.tenant.v2.source.getsource": { "union": ["admin"] }, - "aserto.tenant.v2.source.updatesource": { "union": ["admin"] }, - "aserto.tenant.v2.tenant.deletetenant": { "union": ["admin"] }, + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.account.deleteaccount": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.instance.createinstance": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.instance.deleteinstance": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.instance.listinstance": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.instance.updateinstance": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.createpolicy": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.deletepolicy": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.getpolicy": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.listpolicy": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.policynameavailable": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policy.updatepolicy": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policystate.getpolicystate": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.policystate.setpolicystate": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.repository.createrepository": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.repository.deleterepository": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.repository.getrepository": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.repository.updaterepository": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.source.createsource": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.source.deletesource": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.source.getsource": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.source.updatesource": { + "union": [{ "rel_or_perm": "admin" }] + }, + "aserto.tenant.v2.tenant.deletetenant": { + "union": [{ "rel_or_perm": "admin" }] + }, "grpc.reflection.v1alpha.serverreflection.serverreflectioninfo": { - "union": ["admin"] + "union": [{ "rel_or_perm": "admin" }] } } }, @@ -603,648 +930,1460 @@ }, "permissions": { "aserto.authorizer.authorizer.v1.authorizer.decisiontree": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.authorizer.authorizer.v1.authorizer.is": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.authorizer.authorizer.v1.authorizer.query": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.authorizer.directory.v1.directory.createtenant": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.createuser": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplpermission": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplproperty": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteapplrole": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteresource": { - "union": ["owner", "admin", "member", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deletetenant": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuser": { - "union": ["directory-client-writer", "admin"] - }, + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, "aserto.authorizer.directory.v1.directory.deleteuserapplication": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserpermission": { - "union": ["directory-client-writer", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserproperty": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.deleteuserrole": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.getapplpermissions": { "union": [ - "member", - "viewer", - "directory-client-reader", - "owner", - "admin" + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } ] }, "aserto.authorizer.directory.v1.directory.getapplproperties": { "union": [ - "admin", - "member", - "viewer", - "directory-client-reader", - "owner" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.getapplroles": { "union": [ - "owner", - "admin", - "member", - "viewer", - "directory-client-reader" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.getidentity": { "union": [ - "admin", - "member", - "viewer", - "directory-client-reader", - "owner" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.getresource": { "union": [ - "owner", - "admin", - "member", - "viewer", - "directory-client-reader" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.getuser": { "union": [ - "viewer", - "directory-client-reader", - "owner", - "admin", - "member" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.getuserpermissions": { "union": [ - "admin", - "member", - "viewer", - "directory-client-reader", - "owner" + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } ] }, "aserto.authorizer.directory.v1.directory.getuserproperties": { "union": [ - "owner", - "admin", - "member", - "viewer", - "directory-client-reader" + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } ] }, "aserto.authorizer.directory.v1.directory.getuserroles": { "union": [ - "owner", - "admin", - "member", - "viewer", - "directory-client-reader" + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } ] }, "aserto.authorizer.directory.v1.directory.getvalue": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.authorizer.directory.v1.directory.listresources": { "union": [ - "owner", - "admin", - "member", - "viewer", - "directory-client-reader" + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } ] }, "aserto.authorizer.directory.v1.directory.listtenants": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.authorizer.directory.v1.directory.listuserapplications": { "union": [ - "directory-client-reader", - "owner", - "admin", - "member", - "viewer" + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } ] }, "aserto.authorizer.directory.v1.directory.listusers": { - "union": ["directory-client-reader", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.authorizer.directory.v1.directory.loadusers": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplpermission": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplpermissions": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplproperties": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.authorizer.directory.v1.directory.setapplproperty": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplrole": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setapplroles": { - "union": ["owner", "admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setresource": { - "union": ["member", "directory-client-writer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserpermission": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserpermissions": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserproperties": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "directory-client-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.setuserproperty": { - "union": ["directory-client-writer", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserrole": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.directory.v1.directory.setuserroles": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "directory-client-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.authorizer.directory.v1.directory.updateuser": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.authorizer.system.v1.system.unloadruntime": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.common.info.v1.info.info": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.decision_logs.v1.decisionlogs.executequery": { - "union": ["decision-log-reader", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v1.decisionlogs.getdecisionlog": { - "union": ["owner", "admin", "member", "decision-log-reader"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v1.decisionlogs.getdecisions": { - "union": ["member", "decision-log-reader", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v1.decisionlogs.getuser": { - "union": ["member", "decision-log-reader", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v1.decisionlogs.listdecisionlogs": { - "union": ["member", "decision-log-reader", "owner", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" }, + { "rel_or_perm": "owner" } + ] }, "aserto.decision_logs.v1.decisionlogs.listusers": { - "union": ["decision-log-reader", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.executequery": { - "union": ["owner", "admin", "member", "decision-log-reader"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.getdecisionlog": { - "union": ["member", "decision-log-reader", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.getdecisions": { - "union": ["owner", "admin", "member", "decision-log-reader"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.getuser": { - "union": ["owner", "admin", "member", "decision-log-reader"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.listdecisionlogs": { - "union": ["owner", "admin", "member", "decision-log-reader"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" } + ] }, "aserto.decision_logs.v2.decisionlogs.listusers": { - "union": ["member", "decision-log-reader", "owner", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "decision-log-reader" }, + { "rel_or_perm": "owner" } + ] }, "aserto.directory.exporter.v2.exporter.export": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.exporter.v3.exporter.export": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.importer.v2.importer.import": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.importer.v3.importer.import": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.model.v3.model.deletemanifest": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.model.v3.model.getmanifest": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.model.v3.model.setmanifest": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.reader.v2.reader.checkpermission": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.checkrelation": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getgraph": { - "union": ["directory-client-reader", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getobject": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getobjectmany": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getobjects": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getobjecttype": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "directory-client-reader" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.directory.reader.v2.reader.getobjecttypes": { - "union": ["directory-client-reader", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getpermission": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getpermissions": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getrelation": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getrelations": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getrelationtype": { - "union": ["viewer", "directory-client-reader"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.reader.v2.reader.getrelationtypes": { - "union": ["directory-client-reader", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.check": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.checkpermission": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.checkrelation": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getgraph": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getobject": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getobjectmany": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getobjects": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getrelation": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] + }, + "aserto.directory.reader.v3.reader.getrelations": { + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "directory-client-reader" } + ] }, "aserto.directory.writer.v2.writer.deleteobject": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.deleteobjecttype": { - "union": ["directory-client-writer", "admin"] + "union": [ + { "rel_or_perm": "directory-client-writer" }, + { "rel_or_perm": "admin" } + ] }, "aserto.directory.writer.v2.writer.deletepermission": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.deleterelation": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.deleterelationtype": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.setobject": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.setobjecttype": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.setpermission": { - "union": ["directory-client-writer", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.setrelation": { - "union": ["directory-client-writer", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.directory.writer.v2.writer.setrelationtype": { - "union": ["admin", "directory-client-writer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.writer.v3.writer.deleteobject": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.writer.v3.writer.deleterelation": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.writer.v3.writer.setobject": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] + }, + "aserto.directory.writer.v3.writer.setrelation": { + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "directory-client-writer" } + ] }, "aserto.discovery.policy.v1.discovery.opadiscovery": { - "union": ["owner", "admin", "member", "discovery-client"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "discovery-client" } + ] }, "aserto.discovery.policy.v2.discovery.opainstancediscovery": { - "union": ["member", "discovery-client", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "discovery-client" } + ] }, "aserto.funnel.v1.funnel.runworkflow": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.funnel.v1.funnel.startworkflow": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.funnel.v1.funnel.stopworkflow": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.maestro.user.getpolicystate": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] + }, + "aserto.maestro.user.policy": { + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, - "aserto.maestro.user.policy": { "union": ["member", "owner", "admin"] }, "aserto.maestro.user.testwf": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.management.v2.controller.commandstream": { - "union": ["edge-authorizer"] + "union": [{ "rel_or_perm": "edge-authorizer" }] }, "aserto.management.v2.controlplane.execcommand": { - "union": ["admin", "owner"] + "union": [{ "rel_or_perm": "admin" }, { "rel_or_perm": "owner" }] }, "aserto.management.v2.controlplane.listinstanceregistrations": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.registry.v1.registry.createimage": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry.v1.registry.getreadaccesstoken": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.registry.v1.registry.getwriteaccesstoken": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.listdigests": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.listimages": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.listorgs": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.listpublicimages": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.registry.v1.registry.listpublicorgs": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.listtagswithdetails": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.registry.v1.registry.removeimage": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" } + ] }, "aserto.registry.v1.registry.repoavailable": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry.v1.registry.setimagevisibility": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.registry_tenant.v1.policy.createpolicyimage": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" } + ] }, "aserto.registry_tenant.v1.policy.deletepolicyimage": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.policy.getpolicyimage": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.registry_tenant.v1.policy.listpolicyimages": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry_tenant.v1.policy.listpublicpolicyimages": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry_tenant.v1.policy.updatepolicyimage": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.policyrepo.createpolicyrepo": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.policyrepo.deletepolicyrepo": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.policyrepo.getpolicyrepo": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.policyrepo.listpolicyrepos": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.registry_tenant.v1.policyrepo.updatepolicyrepo": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.registry_tenant.v1.tenant.listpublictenants": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.registry_tenant.v1.tenant.listtenants": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.account.v1.account.getaccount": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.account.v1.account.listinvites": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.account.v1.account.signupaccount": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.account.v1.account.updateaccount": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.connection.v1.connection.connectionavailable": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.createconnection": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.connection.v1.connection.deleteconnection": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.connection.v1.connection.getconnection": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.connection.v1.connection.listconnections": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.connection.v1.connection.rotatesecret": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.connection.v1.connection.updateconnection": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.connection.v1.connection.verifyconnection": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.onboarding.v1.onboarding.claimtenant": { - "union": ["owner"] + "union": [{ "rel_or_perm": "owner" }] }, "aserto.tenant.onboarding.v1.onboarding.inviteuser": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.onboarding.v1.onboarding.tenantavailable": { - "union": ["owner"] + "union": [{ "rel_or_perm": "owner" }] }, "aserto.tenant.policy.v1.policy.createpolicyref": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.policy.v1.policy.deletepolicyref": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.policy.v1.policy.listpolicyrefs": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.policy.v1.policy.opadiscovery": { - "union": ["owner", "admin", "member", "viewer", "discovery-client"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "discovery-client" } + ] }, "aserto.tenant.policy.v1.policy.opainstancediscovery": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.policy.v1.policy.updatepolicyref": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilde": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.policy_builder.v1.policybuilder.createpolicybuilder": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilde": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.policy_builder.v1.policybuilder.deletepolicybuilder": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.policy_builder.v1.policybuilder.listpolicybuilders": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.profile.v1.profile.getinvites": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.profile.v1.profile.getprofile": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.profile.v1.profile.inviteuser": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.profile.v1.profile.removemember": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.profile.v1.profile.respondtoinvite": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.provider.v1.provider.getprovider": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.provider.v1.provider.listproviderkinds": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.provider.v1.provider.listproviders": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.registry.v1.registry.clonerepo": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.registry.v1.registry.createregistryrepo": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.registry.v1.registry.deleteregistryrepo": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.registry.v1.registry.getregistryrepotag": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.registry.v1.registry.listorgs": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.registry.v1.registry.listregistryrepodigests": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.registry.v1.registry.listregistryrepos": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.registry.v1.registry.listregistryrepotags": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.registry.v1.registry.registryrepoavailable": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.registry.v1.registry.validpolicyregistryrepotag": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.createrepo": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.getprofile": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.getrepo": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.isrepoconnected": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.listorg": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.listrepo": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.scc.v1.sourcecodectl.listtemplates": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.v2.account.deleteaccount": { - "union": ["owner", "admin"] + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, "aserto.tenant.v2.instance.createinstance": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.instance.deleteinstance": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.instance.listinstance": { - "union": ["viewer", "owner", "admin", "member"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.v2.instance.updateinstance": { - "union": ["admin", "member", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policy.createpolicy": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policy.deletepolicy": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policy.getpolicy": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policy.listpolicy": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.v2.policy.policynameavailable": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policy.updatepolicy": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.policystate.getpolicystate": { - "union": ["member", "viewer", "owner", "admin"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] }, "aserto.tenant.v2.policystate.setpolicystate": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.v2.repository.createrepository": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.repository.deleterepository": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.repository.getrepository": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.repository.updaterepository": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.source.createsource": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] }, "aserto.tenant.v2.source.deletesource": { - "union": ["member", "owner", "admin"] + "union": [ + { "rel_or_perm": "member" }, + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" } + ] }, "aserto.tenant.v2.source.getsource": { - "union": ["admin", "member", "viewer", "owner"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" } + ] }, "aserto.tenant.v2.source.updatesource": { - "union": ["owner", "admin", "member"] + "union": [ + { "rel_or_perm": "owner" }, + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" } + ] + }, + "aserto.tenant.v2.tenant.deletetenant": { + "union": [{ "rel_or_perm": "owner" }, { "rel_or_perm": "admin" }] }, - "aserto.tenant.v2.tenant.deletetenant": { "union": ["owner", "admin"] }, "grpc.reflection.v1alpha.serverreflection.serverreflectioninfo": { - "union": ["owner", "admin", "member", "viewer"] + "union": [ + { "rel_or_perm": "admin" }, + { "rel_or_perm": "member" }, + { "rel_or_perm": "viewer" }, + { "rel_or_perm": "owner" } + ] } } }, diff --git a/cache/path_test.go b/cache/path_test.go index 2069944..0fa79ff 100644 --- a/cache/path_test.go +++ b/cache/path_test.go @@ -45,8 +45,7 @@ func TestPathMap(t *testing.T) { c := cache.New(m) require.NotNil(t, c) - pm, err := createPathMap(m) - require.NoError(t, err) + pm := createPathMap(m) require.NotNil(t, pm) // plot all paths for all roots. @@ -88,7 +87,7 @@ func (pm PathMap) plotPaths(w io.Writer, or *model.ObjectRelation) { } } -func createPathMap(m *model.Model) (*PathMap, error) { +func createPathMap(m *model.Model) *PathMap { pm := PathMap{} // create roots @@ -125,7 +124,7 @@ func createPathMap(m *model.Model) (*PathMap, error) { } } - return &pm, nil + return &pm } func expandPerm(m *model.Model, on model.ObjectName, pn model.PermissionName) []*model.ObjectRelation { @@ -137,10 +136,10 @@ func expandPerm(m *model.Model, on model.ObjectName, pn model.PermissionName) [] } for _, r := range p.Union { - result = append(result, resolve(m, on, model.RelationName(r))) + result = append(result, resolve(m, on, model.RelationName(r.RelOrPerm))) } - for _, _ = range p.Intersection { + for range p.Intersection { panic("not implemented") } @@ -148,10 +147,6 @@ func expandPerm(m *model.Model, on model.ObjectName, pn model.PermissionName) [] panic("not implemented") } - if p.Arrow != nil { - panic("not implemented") - } - return result } @@ -166,7 +161,7 @@ func expandRel(m *model.Model, on model.ObjectName, rn model.RelationName) []*mo for _, r := range relations { if r.Direct != "" { result = append(result, &model.ObjectRelation{ - Object: model.ObjectName(r.Direct), + Object: r.Direct, Relation: "", }) } @@ -180,7 +175,7 @@ func expandRel(m *model.Model, on model.ObjectName, rn model.RelationName) []*mo if r.Wildcard != "" { result = append(result, &model.ObjectRelation{ - Object: model.ObjectName(r.Wildcard), + Object: r.Wildcard, Relation: "*", }) } @@ -199,7 +194,7 @@ func resolve(m *model.Model, on model.ObjectName, rn model.RelationName) *model. for _, rel := range m.Objects[on].Relations[rn] { if rel.Direct != "" { return &model.ObjectRelation{ - Object: model.ObjectName(rel.Direct), + Object: rel.Direct, Relation: model.RelationName(parts[1]), } } @@ -213,7 +208,7 @@ func resolve(m *model.Model, on model.ObjectName, rn model.RelationName) *model. if rel.Wildcard != "" { return &model.ObjectRelation{ - Object: model.ObjectName(rel.Wildcard), + Object: rel.Wildcard, Relation: "*", } } diff --git a/model/model.json b/model/model.json index aae57b8..d9593e9 100644 --- a/model/model.json +++ b/model/model.json @@ -1,37 +1,48 @@ { - "version": 1, - "metadata": null, - "types": { - "user": {}, - "group": { - "relations": { - "member": [ - {"direct": "user"}, - {"subject": {"object": "group", "relation": "member"}} - ] - } + "version": 2, + "types": { + "document": { + "relations": { + "parent_folder": [{ "direct": "folder" }], + "reader": [{ "direct": "user" }, { "wildcard": "user" }], + "writer": [{ "direct": "user" }] + }, + "permissions": { + "can_only_read": { + "exclusion": { + "include": { "rel_or_perm": "reader" }, + "exclude": { "rel_or_perm": "writer" } + } }, - "folder": { - "relations": { - "owner": [{"direct": "user"}] - }, - "permissions": { - "read": {"union": ["owner"]} - } + "edit": { "union": [{ "rel_or_perm": "writer" }] }, + "read": { + "union": [{ "base": "parent_folder", "rel_or_perm": "read" }] }, - "document": { - "relations": { - "parent_folder": [{"direct": "folder"}], - "writer": [{"direct": "user"}], - "reader": [{"direct": "user"}, {"wildcard": "user"}] - }, - "permissions": { - "edit": {"union": ["writer"]}, - "view": {"union": ["reader", "writer"]}, - "read_and_write": {"intersection": ["reader", "writer"]}, - "can_only_read": {"exclusion": {"base": "reader", "subtract": "writer"}}, - "read": {"arrow": {"relation": "parent_folder","permission": "read"}} - } + "read_and_write": { + "intersection": [ + { "rel_or_perm": "reader" }, + { "rel_or_perm": "writer" } + ] + }, + "view": { + "union": [{ "rel_or_perm": "reader" }, { "rel_or_perm": "writer" }] } - } + } + }, + "folder": { + "relations": { "owner": [{ "direct": "user" }] }, + "permissions": { "read": { "union": [{ "rel_or_perm": "owner" }] } } + }, + "group": { + "relations": { + "member": [ + { "direct": "user" }, + { "subject": { "object": "group", "relation": "member" } } + ] + } + }, + "user": {} + }, + "metadata": null } + diff --git a/model/model_test.go b/model/model_test.go index 17f01ef..63c3904 100644 --- a/model/model_test.go +++ b/model/model_test.go @@ -11,7 +11,7 @@ import ( ) var m1 = model.Model{ - Version: 1, + Version: 2, Objects: map[model.ObjectName]*model.Object{ model.ObjectName("user"): {}, model.ObjectName("group"): { @@ -139,12 +139,12 @@ func TestModel(t *testing.T) { func TestDiff(t *testing.T) { m2 := model.Model{ - Version: 1, + Version: 2, Objects: nil, } m3 := model.Model{ - Version: 1, + Version: 2, Objects: map[model.ObjectName]*model.Object{ model.ObjectName("new_user"): {}, model.ObjectName("group"): { @@ -169,7 +169,7 @@ func TestDiff(t *testing.T) { }, Permissions: map[model.PermissionName]*model.Permission{ model.PermissionName("read"): { - Union: []string{"owner"}, + Union: []*model.RelationRef{{RelOrPerm: "owner"}}, }, }, }, @@ -226,7 +226,7 @@ func TestDiff(t *testing.T) { func TestGraph(t *testing.T) { m := model.Model{ - Version: 1, + Version: 2, Objects: map[model.ObjectName]*model.Object{ model.ObjectName("user"): { Relations: map[model.RelationName][]*model.Relation{ diff --git a/parser/Azm.g4 b/parser/Azm.g4 index b3e6618..ee35caf 100644 --- a/parser/Azm.g4 +++ b/parser/Azm.g4 @@ -61,6 +61,6 @@ COLON: ASTERISK: '*'; -ID: [a-z][a-z0-9._]*[a-z0-9] ; +ID: [a-z][a-z0-9._-]*[a-z0-9] ; WS: [ \t\n\r\f]+ -> skip ; diff --git a/parser/AzmLexer.interp b/parser/AzmLexer.interp index fc76e9b..a9cc7d7 100644 --- a/parser/AzmLexer.interp +++ b/parser/AzmLexer.interp @@ -41,4 +41,4 @@ mode names: DEFAULT_MODE atn: -[4, 0, 9, 50, 6, -1, 2, 0, 7, 0, 2, 1, 7, 1, 2, 2, 7, 2, 2, 3, 7, 3, 2, 4, 7, 4, 2, 5, 7, 5, 2, 6, 7, 6, 2, 7, 7, 7, 2, 8, 7, 8, 1, 0, 1, 0, 1, 1, 1, 1, 1, 2, 1, 2, 1, 3, 1, 3, 1, 3, 1, 4, 1, 4, 1, 5, 1, 5, 1, 6, 1, 6, 1, 7, 1, 7, 5, 7, 37, 8, 7, 10, 7, 12, 7, 40, 9, 7, 1, 7, 1, 7, 1, 8, 4, 8, 45, 8, 8, 11, 8, 12, 8, 46, 1, 8, 1, 8, 0, 0, 9, 1, 1, 3, 2, 5, 3, 7, 4, 9, 5, 11, 6, 13, 7, 15, 8, 17, 9, 1, 0, 4, 1, 0, 97, 122, 4, 0, 46, 46, 48, 57, 95, 95, 97, 122, 2, 0, 48, 57, 97, 122, 3, 0, 9, 10, 12, 13, 32, 32, 51, 0, 1, 1, 0, 0, 0, 0, 3, 1, 0, 0, 0, 0, 5, 1, 0, 0, 0, 0, 7, 1, 0, 0, 0, 0, 9, 1, 0, 0, 0, 0, 11, 1, 0, 0, 0, 0, 13, 1, 0, 0, 0, 0, 15, 1, 0, 0, 0, 0, 17, 1, 0, 0, 0, 1, 19, 1, 0, 0, 0, 3, 21, 1, 0, 0, 0, 5, 23, 1, 0, 0, 0, 7, 25, 1, 0, 0, 0, 9, 28, 1, 0, 0, 0, 11, 30, 1, 0, 0, 0, 13, 32, 1, 0, 0, 0, 15, 34, 1, 0, 0, 0, 17, 44, 1, 0, 0, 0, 19, 20, 5, 124, 0, 0, 20, 2, 1, 0, 0, 0, 21, 22, 5, 38, 0, 0, 22, 4, 1, 0, 0, 0, 23, 24, 5, 45, 0, 0, 24, 6, 1, 0, 0, 0, 25, 26, 5, 45, 0, 0, 26, 27, 5, 62, 0, 0, 27, 8, 1, 0, 0, 0, 28, 29, 5, 35, 0, 0, 29, 10, 1, 0, 0, 0, 30, 31, 5, 58, 0, 0, 31, 12, 1, 0, 0, 0, 32, 33, 5, 42, 0, 0, 33, 14, 1, 0, 0, 0, 34, 38, 7, 0, 0, 0, 35, 37, 7, 1, 0, 0, 36, 35, 1, 0, 0, 0, 37, 40, 1, 0, 0, 0, 38, 36, 1, 0, 0, 0, 38, 39, 1, 0, 0, 0, 39, 41, 1, 0, 0, 0, 40, 38, 1, 0, 0, 0, 41, 42, 7, 2, 0, 0, 42, 16, 1, 0, 0, 0, 43, 45, 7, 3, 0, 0, 44, 43, 1, 0, 0, 0, 45, 46, 1, 0, 0, 0, 46, 44, 1, 0, 0, 0, 46, 47, 1, 0, 0, 0, 47, 48, 1, 0, 0, 0, 48, 49, 6, 8, 0, 0, 49, 18, 1, 0, 0, 0, 3, 0, 38, 46, 1, 6, 0, 0] \ No newline at end of file +[4, 0, 9, 50, 6, -1, 2, 0, 7, 0, 2, 1, 7, 1, 2, 2, 7, 2, 2, 3, 7, 3, 2, 4, 7, 4, 2, 5, 7, 5, 2, 6, 7, 6, 2, 7, 7, 7, 2, 8, 7, 8, 1, 0, 1, 0, 1, 1, 1, 1, 1, 2, 1, 2, 1, 3, 1, 3, 1, 3, 1, 4, 1, 4, 1, 5, 1, 5, 1, 6, 1, 6, 1, 7, 1, 7, 5, 7, 37, 8, 7, 10, 7, 12, 7, 40, 9, 7, 1, 7, 1, 7, 1, 8, 4, 8, 45, 8, 8, 11, 8, 12, 8, 46, 1, 8, 1, 8, 0, 0, 9, 1, 1, 3, 2, 5, 3, 7, 4, 9, 5, 11, 6, 13, 7, 15, 8, 17, 9, 1, 0, 4, 1, 0, 97, 122, 4, 0, 45, 46, 48, 57, 95, 95, 97, 122, 2, 0, 48, 57, 97, 122, 3, 0, 9, 10, 12, 13, 32, 32, 51, 0, 1, 1, 0, 0, 0, 0, 3, 1, 0, 0, 0, 0, 5, 1, 0, 0, 0, 0, 7, 1, 0, 0, 0, 0, 9, 1, 0, 0, 0, 0, 11, 1, 0, 0, 0, 0, 13, 1, 0, 0, 0, 0, 15, 1, 0, 0, 0, 0, 17, 1, 0, 0, 0, 1, 19, 1, 0, 0, 0, 3, 21, 1, 0, 0, 0, 5, 23, 1, 0, 0, 0, 7, 25, 1, 0, 0, 0, 9, 28, 1, 0, 0, 0, 11, 30, 1, 0, 0, 0, 13, 32, 1, 0, 0, 0, 15, 34, 1, 0, 0, 0, 17, 44, 1, 0, 0, 0, 19, 20, 5, 124, 0, 0, 20, 2, 1, 0, 0, 0, 21, 22, 5, 38, 0, 0, 22, 4, 1, 0, 0, 0, 23, 24, 5, 45, 0, 0, 24, 6, 1, 0, 0, 0, 25, 26, 5, 45, 0, 0, 26, 27, 5, 62, 0, 0, 27, 8, 1, 0, 0, 0, 28, 29, 5, 35, 0, 0, 29, 10, 1, 0, 0, 0, 30, 31, 5, 58, 0, 0, 31, 12, 1, 0, 0, 0, 32, 33, 5, 42, 0, 0, 33, 14, 1, 0, 0, 0, 34, 38, 7, 0, 0, 0, 35, 37, 7, 1, 0, 0, 36, 35, 1, 0, 0, 0, 37, 40, 1, 0, 0, 0, 38, 36, 1, 0, 0, 0, 38, 39, 1, 0, 0, 0, 39, 41, 1, 0, 0, 0, 40, 38, 1, 0, 0, 0, 41, 42, 7, 2, 0, 0, 42, 16, 1, 0, 0, 0, 43, 45, 7, 3, 0, 0, 44, 43, 1, 0, 0, 0, 45, 46, 1, 0, 0, 0, 46, 44, 1, 0, 0, 0, 46, 47, 1, 0, 0, 0, 47, 48, 1, 0, 0, 0, 48, 49, 6, 8, 0, 0, 49, 18, 1, 0, 0, 0, 3, 0, 38, 46, 1, 6, 0, 0] \ No newline at end of file diff --git a/parser/azm_lexer.go b/parser/azm_lexer.go index bfc9685..910b739 100644 --- a/parser/azm_lexer.go +++ b/parser/azm_lexer.go @@ -59,7 +59,7 @@ func azmlexerLexerInit() { 1, 1, 1, 1, 2, 1, 2, 1, 3, 1, 3, 1, 3, 1, 4, 1, 4, 1, 5, 1, 5, 1, 6, 1, 6, 1, 7, 1, 7, 5, 7, 37, 8, 7, 10, 7, 12, 7, 40, 9, 7, 1, 7, 1, 7, 1, 8, 4, 8, 45, 8, 8, 11, 8, 12, 8, 46, 1, 8, 1, 8, 0, 0, 9, 1, 1, 3, 2, 5, 3, - 7, 4, 9, 5, 11, 6, 13, 7, 15, 8, 17, 9, 1, 0, 4, 1, 0, 97, 122, 4, 0, 46, + 7, 4, 9, 5, 11, 6, 13, 7, 15, 8, 17, 9, 1, 0, 4, 1, 0, 97, 122, 4, 0, 45, 46, 48, 57, 95, 95, 97, 122, 2, 0, 48, 57, 97, 122, 3, 0, 9, 10, 12, 13, 32, 32, 51, 0, 1, 1, 0, 0, 0, 0, 3, 1, 0, 0, 0, 0, 5, 1, 0, 0, 0, 0, 7, 1, 0, 0, 0, 0, 9, 1, 0, 0, 0, 0, 11, 1, 0, 0, 0, 0, 13, 1, 0, 0, 0, 0, diff --git a/parser/parse.go b/parser/parse.go new file mode 100644 index 0000000..bb13292 --- /dev/null +++ b/parser/parse.go @@ -0,0 +1,30 @@ +package parser + +import ( + "github.com/antlr4-go/antlr/v4" + "github.com/aserto-dev/azm/model" +) + +func ParseRelation(input string) []*model.Relation { + p := newParser(input) + rTree := p.Relation() + + var v RelationVisitor + return v.Visit(rTree).([]*model.Relation) +} + +func ParsePermission(input string) *model.Permission { + p := newParser(input) + pTree := p.Permission() + + var v PermissionVisitor + return v.Visit(pTree).(*model.Permission) +} + +func newParser(input string) *AzmParser { + lexer := NewAzmLexer(antlr.NewInputStream(input)) + stream := antlr.NewCommonTokenStream(lexer, 0) + p := NewAzmParser(stream) + p.AddErrorListener(antlr.NewDiagnosticErrorListener(true)) + return p +} diff --git a/parser/parser_test.go b/parser/parser_test.go index 2651657..c8b1c21 100644 --- a/parser/parser_test.go +++ b/parser/parser_test.go @@ -3,7 +3,6 @@ package parser_test import ( "testing" - "github.com/antlr4-go/antlr/v4" "github.com/aserto-dev/azm/model" "github.com/aserto-dev/azm/parser" "github.com/stretchr/testify/assert" @@ -24,6 +23,16 @@ func TestRelationParser(t *testing.T) { assert.Empty(term.Wildcard) }, }, + { + "name-with-dashes", + func(rel []*model.Relation, assert *assert.Assertions) { + assert.Len(rel, 1) + term := rel[0] + assert.Equal(model.ObjectName("name-with-dashes"), term.Direct) + assert.Nil(term.Subject) + assert.Empty(term.Wildcard) + }, + }, { "group#member", func(rel []*model.Relation, assert *assert.Assertions) { @@ -68,7 +77,7 @@ func TestRelationParser(t *testing.T) { for _, test := range tests { t.Run(test.input, func(tt *testing.T) { - rel := parseRelation(test.input) + rel := parser.ParseRelation(test.input) test.validate(rel, assert.New(tt)) }) } @@ -130,33 +139,9 @@ func TestPermissionParser(t *testing.T) { for _, test := range tests { t.Run(test.input, func(tt *testing.T) { - perm := parsePermission(test.input) + perm := parser.ParsePermission(test.input) test.validate(perm, assert.New(tt)) }) } } - -func parseRelation(input string) []*model.Relation { - p := newParser(input) - rTree := p.Relation() - - var v parser.RelationVisitor - return v.Visit(rTree).([]*model.Relation) -} - -func parsePermission(input string) *model.Permission { - p := newParser(input) - pTree := p.Permission() - - var v parser.PermissionVisitor - return v.Visit(pTree).(*model.Permission) -} - -func newParser(input string) *parser.AzmParser { - lexer := parser.NewAzmLexer(antlr.NewInputStream(input)) - stream := antlr.NewCommonTokenStream(lexer, 0) - p := parser.NewAzmParser(stream) - p.AddErrorListener(antlr.NewDiagnosticErrorListener(true)) - return p -} diff --git a/v3/load.go b/v3/load.go index c6f59eb..bd7d42f 100644 --- a/v3/load.go +++ b/v3/load.go @@ -4,21 +4,22 @@ import ( "io" "github.com/aserto-dev/azm/model" + "github.com/aserto-dev/azm/parser" "github.com/rs/zerolog/log" "gopkg.in/yaml.v3" ) func Load(r io.Reader) (*model.Model, error) { - manifest := Manifest{} - dec := yaml.NewDecoder(r) - dec.KnownFields(true) - m := model.Model{ Version: model.ModelVersion, Objects: map[model.ObjectName]*model.Object{}, } + dec := yaml.NewDecoder(r) + dec.KnownFields(true) + + manifest := Manifest{} if err := dec.Decode(&manifest); err != nil { if err == io.EOF { return &m, nil @@ -29,78 +30,20 @@ func Load(r io.Reader) (*model.Model, error) { for on, o := range manifest.ObjectTypes { log.Debug().Str("object", string(on)).Msg("loading object") - relations := map[model.RelationName][]*model.Relation{} - - if o.Relations == nil { - o.Relations = map[RelationName]RelationDefinition{} - } + relations := make(map[model.RelationName][]*model.Relation, len(o.Relations)) for rn, rd := range o.Relations { log.Debug().Str("object", string(on)).Str("relation", string(rn)).Msg("loading relation") - for _, v := range rd.Definition { - if _, ok := relations[model.RelationName(rn)]; !ok { - relations[model.RelationName(rn)] = []*model.Relation{} - } - - rs := relations[model.RelationName(rn)] - r := &model.Relation{} - - switch x := v.(type) { - case *DirectRelation: - r.Direct = model.ObjectName(x.ObjectType) - - case *SubjectRelation: - r.Subject = &model.SubjectRelation{ - Object: model.ObjectName(x.ObjectType), - Relation: model.RelationName(x.Relation), - } - - case *WildcardRelation: - r.Wildcard = model.ObjectName(x.ObjectType) - } - - rs = append(rs, r) - relations[model.RelationName(rn)] = rs - } + relations[model.RelationName(rn)] = parser.ParseRelation(rd) } - permissions := map[model.PermissionName]*model.Permission{} - - if o.Permissions == nil { - o.Permissions = map[PermissionName]PermissionOperator{} - } + permissions := make(map[model.PermissionName]*model.Permission, len(o.Permissions)) for pn, pd := range o.Permissions { log.Debug().Str("object", string(on)).Str("permission", string(pn)).Msg("loading permission") - if _, ok := permissions[model.PermissionName(pn)]; !ok { - permissions[model.PermissionName(pn)] = &model.Permission{} - } - - p := permissions[model.PermissionName(pn)] - - switch x := pd.Operator.(type) { - case *UnionOperator: - p.Union = x.Union - - case *IntersectionOperator: - p.Intersection = x.Intersection - - case *ExclusionOperator: - p.Exclusion = &model.ExclusionPermission{ - Include: x.Base, - Exclude: x.Subtract, - } - - case *ArrowOperator: - p.Arrow = &model.ArrowPermission{ - Relation: x.Relation, - Permission: x.Permission, - } - } - - permissions[model.PermissionName(pn)] = p + permissions[model.PermissionName(pn)] = parser.ParsePermission(pd) } m.Objects[model.ObjectName(on)] = &model.Object{ diff --git a/v3/manifest.go b/v3/manifest.go index c50996c..8820627 100644 --- a/v3/manifest.go +++ b/v3/manifest.go @@ -2,7 +2,6 @@ package v3 import ( "strconv" - "strings" "github.com/aserto-dev/azm" "gopkg.in/yaml.v3" @@ -33,71 +32,13 @@ type ModelInfo struct { type ObjectTypeName string type ObjectType struct { - Relations map[RelationName]RelationDefinition `yaml:"relations,omitempty"` - Permissions map[PermissionName]PermissionOperator `yaml:"permissions,omitempty"` + Relations map[RelationName]string `yaml:"relations,omitempty"` + Permissions map[PermissionName]string `yaml:"permissions,omitempty"` } type RelationName string - -type RelationDefinition struct { - Definition []interface { - isRelationDefinition() - } `yaml:"definition"` -} - -type DirectRelation struct { - ObjectType string `yaml:"direct_relation"` -} - -func (*DirectRelation) isRelationDefinition() {} - -type SubjectRelation struct { - ObjectType string `yaml:"object_relation"` - Relation string `yaml:"subject_relation"` -} - -func (*SubjectRelation) isRelationDefinition() {} - -type WildcardRelation struct { - ObjectType string `yaml:"wildcard_relation"` -} - -func (*WildcardRelation) isRelationDefinition() {} - type PermissionName string -type PermissionOperator struct { - Operator interface { - isPermissionOperator() - } `yaml:"operator"` -} - -type UnionOperator struct { - Union []string `yaml:"union"` -} - -func (*UnionOperator) isPermissionOperator() {} - -type IntersectionOperator struct { - Intersection []string `yaml:"intersect"` -} - -func (*IntersectionOperator) isPermissionOperator() {} - -type ExclusionOperator struct { - Base string `yaml:"base"` - Subtract string `yaml:"subtract"` -} - -func (*ExclusionOperator) isPermissionOperator() {} - -type ArrowOperator struct { - Relation string `yaml:"relation"` - Permission string `yaml:"permission"` -} - -func (*ArrowOperator) isPermissionOperator() {} - func (v *SchemaVersion) UnmarshalYAML(value *yaml.Node) error { version, err := strconv.Atoi(value.Value) if err != nil { @@ -112,87 +53,3 @@ func (v *SchemaVersion) UnmarshalYAML(value *yaml.Node) error { return nil } - -func (r *RelationDefinition) UnmarshalYAML(value *yaml.Node) error { - s := strings.Split(value.Value, UnionIdentifier) - for _, v := range s { - switch { - // subject relation - case strings.Contains(v, RelationIdentifier): - sr := strings.Split(v, RelationIdentifier) - r.Definition = append(r.Definition, &SubjectRelation{ - ObjectType: strings.TrimSpace(sr[0]), - Relation: strings.TrimSpace(sr[1]), - }) - // wildcard relation - case strings.Contains(v, WildcardIdentifier): - wc := strings.Split(v, WildcardIdentifier) - r.Definition = append(r.Definition, &WildcardRelation{ - ObjectType: strings.TrimSpace(wc[0]), - }) - // direct relation - default: - r.Definition = append(r.Definition, &DirectRelation{ - ObjectType: strings.TrimSpace(v), - }) - } - } - - return nil -} - -func (p *PermissionOperator) UnmarshalYAML(value *yaml.Node) error { - switch { - // union (OR) - case strings.Contains(value.Value, UnionIdentifier): - s := strings.Split(value.Value, UnionIdentifier) - union := []string{} - for _, v := range s { - union = append(union, strings.TrimSpace(v)) - } - *p = PermissionOperator{ - Operator: &UnionOperator{ - Union: union, - }, - } - // intersection (AND) - case strings.Contains(value.Value, IntersectionIdentifier): - s := strings.Split(value.Value, IntersectionIdentifier) - intersect := []string{} - for _, v := range s { - intersect = append(intersect, strings.TrimSpace(v)) - } - *p = PermissionOperator{ - Operator: &IntersectionOperator{ - Intersection: intersect, - }, - } - // arrow - case strings.Contains(value.Value, ArrowIdentifier): - s := strings.Split(value.Value, ArrowIdentifier) - *p = PermissionOperator{ - Operator: &ArrowOperator{ - Relation: strings.TrimSpace(s[0]), - Permission: strings.TrimSpace(s[1]), - }, - } - // exclusion (NOT) - case strings.Contains(value.Value, ExclusionIdentifier): - s := strings.Split(value.Value, ExclusionIdentifier) - *p = PermissionOperator{ - Operator: &ExclusionOperator{ - Base: strings.TrimSpace(s[0]), - Subtract: strings.TrimSpace(s[1]), - }, - } - // default union of one - default: - *p = PermissionOperator{ - Operator: &UnionOperator{ - Union: []string{strings.TrimSpace(value.Value)}, - }, - } - } - - return nil -}