Migrate files and re-add old validate temporarily

authzed · Nov 21, 2024 · cd5df34 · cd5df34
1 parent 589873c
commit cd5df34
Show file tree

Hide file tree

Showing 11 changed files with 727 additions and 244 deletions.
diff --git a/authzed/api/v0/core.proto b/authzed/api/v0/core.proto
@@ -1,6 +1,7 @@
 syntax = "proto3";
 package authzed.api.v0;
 
+import "buf/validate/validate.proto";
 import "validate/validate.proto";
 
 option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v0";
@@ -18,40 +19,80 @@ message RelationTuple {
   // doc:12345#writer#* (all tuples with direct write relationship with the
   // document) doc:#writer#group:eng#member (all tuples that eng group has write
   // relationship)
-  ObjectAndRelation object_and_relation = 1 [(validate.rules).message.required = true];
-  User user = 2 [(validate.rules).message.required = true];
+  ObjectAndRelation object_and_relation = 1 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
+  User user = 2 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
 }
 
 message ObjectAndRelation {
-  string namespace = 1 [(validate.rules).string = {
-    pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
-    max_bytes: 128
-  }];
-  string object_id = 2 [(validate.rules).string = {
-    pattern: "^(([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})|\\*)$"
-    max_bytes: 128
-  }];
-  string relation = 3 [(validate.rules).string = {
-    pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
-    max_bytes: 64
-  }];
+  string namespace = 1 [
+    (validate.rules).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    },
+    (buf.validate.field).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    }
+  ];
+  string object_id = 2 [
+    (validate.rules).string = {
+      pattern: "^(([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})|\\*)$"
+      max_bytes: 128
+    },
+    (buf.validate.field).string = {
+      pattern: "^(([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})|\\*)$"
+      max_bytes: 128
+    }
+  ];
+  string relation = 3 [
+    (validate.rules).string = {
+      pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
+      max_bytes: 64
+    },
+    (buf.validate.field).string = {
+      pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
+      max_bytes: 64
+    }
+  ];
 }
 
 message RelationReference {
-  string namespace = 1 [(validate.rules).string = {
-    pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
-    max_bytes: 128
-  }];
-  string relation = 3 [(validate.rules).string = {
-    pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
-    max_bytes: 64
-  }];
+  string namespace = 1 [
+    (validate.rules).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    },
+    (buf.validate.field).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)?[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    }
+  ];
+  string relation = 3 [
+    (validate.rules).string = {
+      pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
+      max_bytes: 64
+    },
+    (buf.validate.field).string = {
+      pattern: "^(\\.\\.\\.|[a-z][a-z0-9_]{1,62}[a-z0-9])$"
+      max_bytes: 64
+    }
+  ];
 }
 
 message User {
   oneof user_oneof {
     option (validate.required) = true;
+    option (buf.validate.oneof).required = true;
 
-    ObjectAndRelation userset = 2 [(validate.rules).message.required = true];
+    ObjectAndRelation userset = 2 [
+      (validate.rules).message.required = true,
+      (buf.validate.field).required = true
+    ];
   }
 }
diff --git a/authzed/api/v1/core.proto b/authzed/api/v1/core.proto
@@ -1,6 +1,7 @@
 syntax = "proto3";
 package authzed.api.v1;
 
+import "buf/validate/validate.proto";
 import "google/protobuf/struct.proto";
 import "validate/validate.proto";
 
@@ -13,73 +14,127 @@ option java_package = "com.authzed.api.v1";
 // answered.
 message Relationship {
   // resource is the resource to which the subject is related, in some manner
-  ObjectReference resource = 1 [(validate.rules).message.required = true];
+  ObjectReference resource = 1 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
 
   // relation is how the resource and subject are related.
-  string relation = 2 [(validate.rules).string = {
-    pattern: "^[a-z][a-z0-9_]{1,62}[a-z0-9]$"
-    max_bytes: 64
-  }];
+  string relation = 2 [
+    (validate.rules).string = {
+      pattern: "^[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 64
+    },
+    (buf.validate.field).string = {
+      pattern: "^[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 64
+    }
+  ];
 
   // subject is the subject to which the resource is related, in some manner.
-  SubjectReference subject = 3 [(validate.rules).message.required = true];
+  SubjectReference subject = 3 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
 
   // optional_caveat is a reference to a the caveat that must be enforced over the relationship
-  ContextualizedCaveat optional_caveat = 4 [(validate.rules).message.required = false];
+  ContextualizedCaveat optional_caveat = 4 [
+    (validate.rules).message.required = false,
+    (buf.validate.field).required = false
+  ];
 }
 
 // ContextualizedCaveat represents a reference to a caveat to be used by caveated relationships.
 // The context consists of key-value pairs that will be injected at evaluation time.
 // The keys must match the arguments defined on the caveat in the schema.
 message ContextualizedCaveat {
   // caveat_name is the name of the caveat expression to use, as defined in the schema
-  string caveat_name = 1 [(validate.rules).string = {
-    pattern: "^([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})$"
-    max_bytes: 128
-  }];
+  string caveat_name = 1 [
+    (validate.rules).string = {
+      pattern: "^([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})$"
+      max_bytes: 128
+    },
+    (buf.validate.field).string = {
+      pattern: "^([a-zA-Z0-9_][a-zA-Z0-9/_|-]{0,127})$"
+      max_bytes: 128
+    }
+  ];
 
   // context consists of any named values that are defined at write time for the caveat expression
-  google.protobuf.Struct context = 2 [(validate.rules).message.required = false];
+  google.protobuf.Struct context = 2 [
+    (validate.rules).message.required = false,
+    (buf.validate.field).required = false
+  ];
 }
 
 // SubjectReference is used for referring to the subject portion of a
 // Relationship. The relation component is optional and is used for defining a
 // sub-relation on the subject, e.g. group:123#members
 message SubjectReference {
-  ObjectReference object = 1 [(validate.rules).message.required = true];
-  string optional_relation = 2 [(validate.rules).string = {
-    pattern: "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$"
-    max_bytes: 64
-  }];
+  ObjectReference object = 1 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
+  string optional_relation = 2 [
+    (validate.rules).string = {
+      pattern: "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$"
+      max_bytes: 64
+    },
+    (buf.validate.field).string = {
+      pattern: "^([a-z][a-z0-9_]{1,62}[a-z0-9])?$"
+      max_bytes: 64
+    }
+  ];
 }
 
 // ObjectReference is used to refer to a specific object in the system.
 message ObjectReference {
-  string object_type = 1 [(validate.rules).string = {
-    pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$"
-    max_bytes: 128
-  }];
-  string object_id = 2 [(validate.rules).string = {
-    pattern: "^(([a-zA-Z0-9/_|\\-=+]{1,})|\\*)$"
-    max_bytes: 1024
-  }];
+  string object_type = 1 [
+    (validate.rules).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    },
+    (buf.validate.field).string = {
+      pattern: "^([a-z][a-z0-9_]{1,61}[a-z0-9]/)*[a-z][a-z0-9_]{1,62}[a-z0-9]$"
+      max_bytes: 128
+    }
+  ];
+  string object_id = 2 [
+    (validate.rules).string = {
+      pattern: "^(([a-zA-Z0-9/_|\\-=+]{1,})|\\*)$"
+      max_bytes: 1024
+    },
+    (buf.validate.field).string = {
+      pattern: "^(([a-zA-Z0-9/_|\\-=+]{1,})|\\*)$"
+      max_bytes: 1024
+    }
+  ];
 }
 
 // ZedToken is used to provide causality metadata between Write and Check
 // requests.
 //
 // See the authzed.api.v1.Consistency message for more information.
 message ZedToken {
-  string token = 1 [(validate.rules).string = {min_bytes: 1}];
+  string token = 1 [
+    (validate.rules).string = {min_bytes: 1},
+    (buf.validate.field).string = {min_bytes: 1}
+  ];
 }
 
 // Cursor is used to provide resumption of listing between calls to APIs
 // such as LookupResources.
 message Cursor {
-  string token = 1 [(validate.rules).string = {
-    min_bytes: 1
-    max_bytes: 102400
-  }];
+  string token = 1 [
+    (validate.rules).string = {
+      min_bytes: 1
+      max_bytes: 102400
+    },
+    (buf.validate.field).string = {
+      min_bytes: 1
+      max_bytes: 102400
+    }
+  ];
 }
 
 // RelationshipUpdate is used for mutating a single relationship within the
@@ -100,18 +155,28 @@ message RelationshipUpdate {
     OPERATION_TOUCH = 2;
     OPERATION_DELETE = 3;
   }
-  Operation operation = 1 [(validate.rules).enum = {
-    defined_only: true
-    not_in: [0]
-  }];
-  Relationship relationship = 2 [(validate.rules).message.required = true];
+  Operation operation = 1 [
+    (validate.rules).enum = {
+      defined_only: true
+      not_in: [0]
+    },
+    (buf.validate.field).enum = {
+      defined_only: true
+      not_in: [0]
+    }
+  ];
+  Relationship relationship = 2 [
+    (validate.rules).message.required = true,
+    (buf.validate.field).required = true
+  ];
 }
 
 // PermissionRelationshipTree is used for representing a tree of a resource and
 // its permission relationships with other objects.
 message PermissionRelationshipTree {
   oneof tree_type {
     option (validate.required) = true;
+    option (buf.validate.oneof).required = true;
 
     AlgebraicSubjectSet intermediate = 1;
     DirectSubjectSet leaf = 2;
@@ -138,11 +203,20 @@ message AlgebraicSubjectSet {
     OPERATION_EXCLUSION = 3;
   }
 
-  Operation operation = 1 [(validate.rules).enum = {
-    defined_only: true
-    not_in: [0]
-  }];
-  repeated PermissionRelationshipTree children = 2 [(validate.rules).repeated.items.message.required = true];
+  Operation operation = 1 [
+    (validate.rules).enum = {
+      defined_only: true
+      not_in: [0]
+    },
+    (buf.validate.field).enum = {
+      defined_only: true
+      not_in: [0]
+    }
+  ];
+  repeated PermissionRelationshipTree children = 2 [
+    (validate.rules).repeated.items.message.required = true,
+    (buf.validate.field).repeated.items.required = true
+  ];
 }
 
 // DirectSubjectSet is a subject set which is simply a collection of subjects.
@@ -155,5 +229,8 @@ message DirectSubjectSet {
 message PartialCaveatInfo {
   // missing_required_context is a list of one or more fields that were missing and prevented caveats
   // from being fully evaluated
-  repeated string missing_required_context = 1 [(validate.rules).repeated.min_items = 1];
+  repeated string missing_required_context = 1 [
+    (validate.rules).repeated.min_items = 1,
+    (buf.validate.field).repeated.min_items = 1
+  ];
 }