Skip to main content

spicedb_grpc_tonic/generated/
authzed.api.v1.rs

1// This file is @generated by prost-build.
2/// Relationship specifies how a resource relates to a subject. Relationships
3/// form the data for the graph over which all permissions questions are
4/// answered.
5#[derive(Clone, PartialEq, ::prost::Message)]
6pub struct Relationship {
7    /// resource is the resource to which the subject is related, in some manner
8    #[prost(message, optional, tag = "1")]
9    pub resource: ::core::option::Option<ObjectReference>,
10    /// relation is how the resource and subject are related.
11    #[prost(string, tag = "2")]
12    pub relation: ::prost::alloc::string::String,
13    /// subject is the subject to which the resource is related, in some manner.
14    #[prost(message, optional, tag = "3")]
15    pub subject: ::core::option::Option<SubjectReference>,
16    /// optional_caveat is a reference to a the caveat that must be enforced over the relationship
17    #[prost(message, optional, tag = "4")]
18    pub optional_caveat: ::core::option::Option<ContextualizedCaveat>,
19    /// optional_expires_at is the time at which the relationship expires, if any.
20    #[prost(message, optional, tag = "5")]
21    pub optional_expires_at: ::core::option::Option<::prost_types::Timestamp>,
22}
23/// ContextualizedCaveat represents a reference to a caveat to be used by caveated relationships.
24/// The context consists of key-value pairs that will be injected at evaluation time.
25/// The keys must match the arguments defined on the caveat in the schema.
26#[derive(Clone, PartialEq, ::prost::Message)]
27pub struct ContextualizedCaveat {
28    /// caveat_name is the name of the caveat expression to use, as defined in the schema
29    #[prost(string, tag = "1")]
30    pub caveat_name: ::prost::alloc::string::String,
31    /// context consists of any named values that are defined at write time for the caveat expression
32    #[prost(message, optional, tag = "2")]
33    pub context: ::core::option::Option<::prost_types::Struct>,
34}
35/// SubjectReference is used for referring to the subject portion of a
36/// Relationship. The relation component is optional and is used for defining a
37/// sub-relation on the subject, e.g. group:123#members
38#[derive(Clone, PartialEq, ::prost::Message)]
39pub struct SubjectReference {
40    #[prost(message, optional, tag = "1")]
41    pub object: ::core::option::Option<ObjectReference>,
42    #[prost(string, tag = "2")]
43    pub optional_relation: ::prost::alloc::string::String,
44}
45/// ObjectReference is used to refer to a specific object in the system.
46#[derive(Clone, PartialEq, ::prost::Message)]
47pub struct ObjectReference {
48    #[prost(string, tag = "1")]
49    pub object_type: ::prost::alloc::string::String,
50    #[prost(string, tag = "2")]
51    pub object_id: ::prost::alloc::string::String,
52}
53/// ZedToken represents a point in time, or a "revision" in SpiceDB.
54/// It is used to provide causality metadata between Write and read requests (Check, ReadRelationships, LookupResources, LookupSubjects)
55/// and can also be used to start watching for changes from a specific point in time.
56///
57/// See the authzed.api.v1.Consistency message for more information.
58#[derive(Clone, PartialEq, ::prost::Message)]
59pub struct ZedToken {
60    #[prost(string, tag = "1")]
61    pub token: ::prost::alloc::string::String,
62}
63/// Cursor is used to provide resumption of listing between calls to APIs
64/// such as LookupResources.
65#[derive(Clone, PartialEq, ::prost::Message)]
66pub struct Cursor {
67    #[prost(string, tag = "1")]
68    pub token: ::prost::alloc::string::String,
69}
70/// RelationshipUpdate is used for mutating a single relationship within the
71/// service.
72///
73/// CREATE will create the relationship only if it doesn't exist, and error
74/// otherwise.
75///
76/// TOUCH will upsert the relationship, and will not error if it
77/// already exists.
78///
79/// DELETE will delete the relationship. If the relationship does not exist,
80/// this operation will no-op.
81#[derive(Clone, PartialEq, ::prost::Message)]
82pub struct RelationshipUpdate {
83    #[prost(enumeration = "relationship_update::Operation", tag = "1")]
84    pub operation: i32,
85    #[prost(message, optional, tag = "2")]
86    pub relationship: ::core::option::Option<Relationship>,
87}
88/// Nested message and enum types in `RelationshipUpdate`.
89pub mod relationship_update {
90    #[derive(
91        Clone,
92        Copy,
93        Debug,
94        PartialEq,
95        Eq,
96        Hash,
97        PartialOrd,
98        Ord,
99        ::prost::Enumeration
100    )]
101    #[repr(i32)]
102    pub enum Operation {
103        Unspecified = 0,
104        Create = 1,
105        Touch = 2,
106        Delete = 3,
107    }
108    impl Operation {
109        /// String value of the enum field names used in the ProtoBuf definition.
110        ///
111        /// The values are not transformed in any way and thus are considered stable
112        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
113        pub fn as_str_name(&self) -> &'static str {
114            match self {
115                Self::Unspecified => "OPERATION_UNSPECIFIED",
116                Self::Create => "OPERATION_CREATE",
117                Self::Touch => "OPERATION_TOUCH",
118                Self::Delete => "OPERATION_DELETE",
119            }
120        }
121        /// Creates an enum from field names used in the ProtoBuf definition.
122        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
123            match value {
124                "OPERATION_UNSPECIFIED" => Some(Self::Unspecified),
125                "OPERATION_CREATE" => Some(Self::Create),
126                "OPERATION_TOUCH" => Some(Self::Touch),
127                "OPERATION_DELETE" => Some(Self::Delete),
128                _ => None,
129            }
130        }
131    }
132}
133/// PermissionRelationshipTree is used for representing a tree of a resource and
134/// its permission relationships with other objects.
135#[derive(Clone, PartialEq, ::prost::Message)]
136pub struct PermissionRelationshipTree {
137    #[prost(message, optional, tag = "3")]
138    pub expanded_object: ::core::option::Option<ObjectReference>,
139    #[prost(string, tag = "4")]
140    pub expanded_relation: ::prost::alloc::string::String,
141    #[prost(oneof = "permission_relationship_tree::TreeType", tags = "1, 2")]
142    pub tree_type: ::core::option::Option<permission_relationship_tree::TreeType>,
143}
144/// Nested message and enum types in `PermissionRelationshipTree`.
145pub mod permission_relationship_tree {
146    #[derive(Clone, PartialEq, ::prost::Oneof)]
147    pub enum TreeType {
148        #[prost(message, tag = "1")]
149        Intermediate(super::AlgebraicSubjectSet),
150        #[prost(message, tag = "2")]
151        Leaf(super::DirectSubjectSet),
152    }
153}
154/// AlgebraicSubjectSet is a subject set which is computed based on applying the
155/// specified operation to the operands according to the algebra of sets.
156///
157/// UNION is a logical set containing the subject members from all operands.
158///
159/// INTERSECTION is a logical set containing only the subject members which are
160/// present in all operands.
161///
162/// EXCLUSION is a logical set containing only the subject members which are
163/// present in the first operand, and none of the other operands.
164#[derive(Clone, PartialEq, ::prost::Message)]
165pub struct AlgebraicSubjectSet {
166    #[prost(enumeration = "algebraic_subject_set::Operation", tag = "1")]
167    pub operation: i32,
168    #[prost(message, repeated, tag = "2")]
169    pub children: ::prost::alloc::vec::Vec<PermissionRelationshipTree>,
170}
171/// Nested message and enum types in `AlgebraicSubjectSet`.
172pub mod algebraic_subject_set {
173    #[derive(
174        Clone,
175        Copy,
176        Debug,
177        PartialEq,
178        Eq,
179        Hash,
180        PartialOrd,
181        Ord,
182        ::prost::Enumeration
183    )]
184    #[repr(i32)]
185    pub enum Operation {
186        Unspecified = 0,
187        Union = 1,
188        Intersection = 2,
189        Exclusion = 3,
190    }
191    impl Operation {
192        /// String value of the enum field names used in the ProtoBuf definition.
193        ///
194        /// The values are not transformed in any way and thus are considered stable
195        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
196        pub fn as_str_name(&self) -> &'static str {
197            match self {
198                Self::Unspecified => "OPERATION_UNSPECIFIED",
199                Self::Union => "OPERATION_UNION",
200                Self::Intersection => "OPERATION_INTERSECTION",
201                Self::Exclusion => "OPERATION_EXCLUSION",
202            }
203        }
204        /// Creates an enum from field names used in the ProtoBuf definition.
205        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
206            match value {
207                "OPERATION_UNSPECIFIED" => Some(Self::Unspecified),
208                "OPERATION_UNION" => Some(Self::Union),
209                "OPERATION_INTERSECTION" => Some(Self::Intersection),
210                "OPERATION_EXCLUSION" => Some(Self::Exclusion),
211                _ => None,
212            }
213        }
214    }
215}
216/// DirectSubjectSet is a subject set which is simply a collection of subjects.
217#[derive(Clone, PartialEq, ::prost::Message)]
218pub struct DirectSubjectSet {
219    #[prost(message, repeated, tag = "1")]
220    pub subjects: ::prost::alloc::vec::Vec<SubjectReference>,
221}
222/// PartialCaveatInfo carries information necessary for the client to take action
223/// in the event a response contains a partially evaluated caveat
224#[derive(Clone, PartialEq, ::prost::Message)]
225pub struct PartialCaveatInfo {
226    /// missing_required_context is a list of one or more fields that were missing and prevented caveats
227    /// from being fully evaluated
228    #[prost(string, repeated, tag = "1")]
229    pub missing_required_context: ::prost::alloc::vec::Vec<
230        ::prost::alloc::string::String,
231    >,
232}
233/// DebugInformation defines debug information returned by an API call in a footer when
234/// requested with a specific debugging header.
235///
236/// The specific debug information returned will depend on the type of the API call made.
237///
238/// See the github.com/authzed/authzed-go project for the specific header and footer names.
239#[derive(Clone, PartialEq, ::prost::Message)]
240pub struct DebugInformation {
241    /// check holds debug information about a check request.
242    #[prost(message, optional, tag = "1")]
243    pub check: ::core::option::Option<CheckDebugTrace>,
244    /// schema_used holds the schema used for the request.
245    #[prost(string, tag = "2")]
246    pub schema_used: ::prost::alloc::string::String,
247}
248/// CheckDebugTrace is a recursive trace of the requests made for resolving a CheckPermission
249/// API call.
250#[derive(Clone, PartialEq, ::prost::Message)]
251pub struct CheckDebugTrace {
252    /// resource holds the resource on which the Check was performed.
253    /// for batched calls, the object_id field contains a comma-separated list of object IDs
254    /// for all the resources checked in the batch.
255    #[prost(message, optional, tag = "1")]
256    pub resource: ::core::option::Option<ObjectReference>,
257    /// permission holds the name of the permission or relation on which the Check was performed.
258    #[prost(string, tag = "2")]
259    pub permission: ::prost::alloc::string::String,
260    /// permission_type holds information indicating whether it was a permission or relation.
261    #[prost(enumeration = "check_debug_trace::PermissionType", tag = "3")]
262    pub permission_type: i32,
263    /// subject holds the subject on which the Check was performed. This will be static across all calls within
264    /// the same Check tree.
265    #[prost(message, optional, tag = "4")]
266    pub subject: ::core::option::Option<SubjectReference>,
267    /// result holds the result of the Check call.
268    #[prost(enumeration = "check_debug_trace::Permissionship", tag = "5")]
269    pub result: i32,
270    /// caveat_evaluation_info holds information about the caveat evaluated for this step of the trace.
271    #[prost(message, optional, tag = "8")]
272    pub caveat_evaluation_info: ::core::option::Option<CaveatEvalInfo>,
273    /// duration holds the time spent executing this Check operation.
274    #[prost(message, optional, tag = "9")]
275    pub duration: ::core::option::Option<::prost_types::Duration>,
276    /// optional_expires_at is the time at which at least one of the relationships used to
277    /// compute this result, expires (if any). This is *not* related to the caching window.
278    #[prost(message, optional, tag = "10")]
279    pub optional_expires_at: ::core::option::Option<::prost_types::Timestamp>,
280    /// trace_operation_id is a unique identifier for this trace's operation, that will
281    /// be shared for all traces created for the same check operation in SpiceDB.
282    ///
283    /// In cases where SpiceDB performs automatic batching of subproblems, this ID can be used
284    /// to correlate work that was shared across multiple traces.
285    ///
286    /// This identifier is generated by SpiceDB, is to be considered opaque to the caller
287    /// and only guaranteed to be unique within the same overall Check or CheckBulk operation.
288    #[prost(string, tag = "11")]
289    pub trace_operation_id: ::prost::alloc::string::String,
290    /// source holds the source of the result. It is of the form:
291    /// `<sourcetype>:<sourceid>`, where sourcetype can be, among others:
292    /// `spicedb`, `materialize`, etc.
293    #[prost(string, tag = "12")]
294    pub source: ::prost::alloc::string::String,
295    /// resolution holds information about how the problem was resolved.
296    #[prost(oneof = "check_debug_trace::Resolution", tags = "6, 7")]
297    pub resolution: ::core::option::Option<check_debug_trace::Resolution>,
298}
299/// Nested message and enum types in `CheckDebugTrace`.
300pub mod check_debug_trace {
301    #[derive(Clone, PartialEq, ::prost::Message)]
302    pub struct SubProblems {
303        #[prost(message, repeated, tag = "1")]
304        pub traces: ::prost::alloc::vec::Vec<super::CheckDebugTrace>,
305    }
306    #[derive(
307        Clone,
308        Copy,
309        Debug,
310        PartialEq,
311        Eq,
312        Hash,
313        PartialOrd,
314        Ord,
315        ::prost::Enumeration
316    )]
317    #[repr(i32)]
318    pub enum PermissionType {
319        Unspecified = 0,
320        Relation = 1,
321        Permission = 2,
322    }
323    impl PermissionType {
324        /// String value of the enum field names used in the ProtoBuf definition.
325        ///
326        /// The values are not transformed in any way and thus are considered stable
327        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
328        pub fn as_str_name(&self) -> &'static str {
329            match self {
330                Self::Unspecified => "PERMISSION_TYPE_UNSPECIFIED",
331                Self::Relation => "PERMISSION_TYPE_RELATION",
332                Self::Permission => "PERMISSION_TYPE_PERMISSION",
333            }
334        }
335        /// Creates an enum from field names used in the ProtoBuf definition.
336        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
337            match value {
338                "PERMISSION_TYPE_UNSPECIFIED" => Some(Self::Unspecified),
339                "PERMISSION_TYPE_RELATION" => Some(Self::Relation),
340                "PERMISSION_TYPE_PERMISSION" => Some(Self::Permission),
341                _ => None,
342            }
343        }
344    }
345    #[derive(
346        Clone,
347        Copy,
348        Debug,
349        PartialEq,
350        Eq,
351        Hash,
352        PartialOrd,
353        Ord,
354        ::prost::Enumeration
355    )]
356    #[repr(i32)]
357    pub enum Permissionship {
358        Unspecified = 0,
359        NoPermission = 1,
360        HasPermission = 2,
361        ConditionalPermission = 3,
362    }
363    impl Permissionship {
364        /// String value of the enum field names used in the ProtoBuf definition.
365        ///
366        /// The values are not transformed in any way and thus are considered stable
367        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
368        pub fn as_str_name(&self) -> &'static str {
369            match self {
370                Self::Unspecified => "PERMISSIONSHIP_UNSPECIFIED",
371                Self::NoPermission => "PERMISSIONSHIP_NO_PERMISSION",
372                Self::HasPermission => "PERMISSIONSHIP_HAS_PERMISSION",
373                Self::ConditionalPermission => "PERMISSIONSHIP_CONDITIONAL_PERMISSION",
374            }
375        }
376        /// Creates an enum from field names used in the ProtoBuf definition.
377        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
378            match value {
379                "PERMISSIONSHIP_UNSPECIFIED" => Some(Self::Unspecified),
380                "PERMISSIONSHIP_NO_PERMISSION" => Some(Self::NoPermission),
381                "PERMISSIONSHIP_HAS_PERMISSION" => Some(Self::HasPermission),
382                "PERMISSIONSHIP_CONDITIONAL_PERMISSION" => {
383                    Some(Self::ConditionalPermission)
384                }
385                _ => None,
386            }
387        }
388    }
389    /// resolution holds information about how the problem was resolved.
390    #[derive(Clone, PartialEq, ::prost::Oneof)]
391    pub enum Resolution {
392        /// was_cached_result, if true, indicates that the result was found in the cache and returned directly.
393        #[prost(bool, tag = "6")]
394        WasCachedResult(bool),
395        /// sub_problems holds the sub problems that were executed to resolve the answer to this Check. An empty list
396        /// and a permissionship of PERMISSIONSHIP_HAS_PERMISSION indicates the subject was found within this relation.
397        #[prost(message, tag = "7")]
398        SubProblems(SubProblems),
399    }
400}
401/// CaveatEvalInfo holds information about a caveat expression that was evaluated.
402#[derive(Clone, PartialEq, ::prost::Message)]
403pub struct CaveatEvalInfo {
404    /// expression is the expression that was evaluated.
405    #[prost(string, tag = "1")]
406    pub expression: ::prost::alloc::string::String,
407    /// result is the result of the evaluation.
408    #[prost(enumeration = "caveat_eval_info::Result", tag = "2")]
409    pub result: i32,
410    /// context consists of any named values that were used for evaluating the caveat expression.
411    #[prost(message, optional, tag = "3")]
412    pub context: ::core::option::Option<::prost_types::Struct>,
413    /// partial_caveat_info holds information of a partially-evaluated caveated response, if applicable.
414    #[prost(message, optional, tag = "4")]
415    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
416    /// caveat_name is the name of the caveat that was executed, if applicable.
417    #[prost(string, tag = "5")]
418    pub caveat_name: ::prost::alloc::string::String,
419}
420/// Nested message and enum types in `CaveatEvalInfo`.
421pub mod caveat_eval_info {
422    #[derive(
423        Clone,
424        Copy,
425        Debug,
426        PartialEq,
427        Eq,
428        Hash,
429        PartialOrd,
430        Ord,
431        ::prost::Enumeration
432    )]
433    #[repr(i32)]
434    pub enum Result {
435        Unspecified = 0,
436        Unevaluated = 1,
437        False = 2,
438        True = 3,
439        MissingSomeContext = 4,
440    }
441    impl Result {
442        /// String value of the enum field names used in the ProtoBuf definition.
443        ///
444        /// The values are not transformed in any way and thus are considered stable
445        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
446        pub fn as_str_name(&self) -> &'static str {
447            match self {
448                Self::Unspecified => "RESULT_UNSPECIFIED",
449                Self::Unevaluated => "RESULT_UNEVALUATED",
450                Self::False => "RESULT_FALSE",
451                Self::True => "RESULT_TRUE",
452                Self::MissingSomeContext => "RESULT_MISSING_SOME_CONTEXT",
453            }
454        }
455        /// Creates an enum from field names used in the ProtoBuf definition.
456        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
457            match value {
458                "RESULT_UNSPECIFIED" => Some(Self::Unspecified),
459                "RESULT_UNEVALUATED" => Some(Self::Unevaluated),
460                "RESULT_FALSE" => Some(Self::False),
461                "RESULT_TRUE" => Some(Self::True),
462                "RESULT_MISSING_SOME_CONTEXT" => Some(Self::MissingSomeContext),
463                _ => None,
464            }
465        }
466    }
467}
468/// Consistency will define how a request is handled by the backend.
469/// By defining a consistency requirement, and a token at which those
470/// requirements should be applied, where applicable.
471#[derive(Clone, PartialEq, ::prost::Message)]
472pub struct Consistency {
473    #[prost(oneof = "consistency::Requirement", tags = "1, 2, 3, 4")]
474    pub requirement: ::core::option::Option<consistency::Requirement>,
475}
476/// Nested message and enum types in `Consistency`.
477pub mod consistency {
478    #[derive(Clone, PartialEq, ::prost::Oneof)]
479    pub enum Requirement {
480        /// minimize_latency indicates that the latency for the call should be
481        /// minimized by having the system select the fastest snapshot available.
482        #[prost(bool, tag = "1")]
483        MinimizeLatency(bool),
484        /// at_least_as_fresh indicates that all data used in the API call must be
485        /// *at least as fresh* as that found in the ZedToken; more recent data might
486        /// be used if available or faster.
487        #[prost(message, tag = "2")]
488        AtLeastAsFresh(super::ZedToken),
489        /// at_exact_snapshot indicates that all data used in the API call must be
490        /// *at the given* snapshot in time; if the snapshot is no longer available,
491        /// an error will be returned to the caller.
492        #[prost(message, tag = "3")]
493        AtExactSnapshot(super::ZedToken),
494        /// fully_consistent indicates that all data used in the API call *must* be
495        /// at the most recent snapshot found.
496        ///
497        /// NOTE: using this method can be *quite slow*, so unless there is a need to
498        /// do so, it is recommended to use `at_least_as_fresh` with a stored
499        /// ZedToken.
500        #[prost(bool, tag = "4")]
501        FullyConsistent(bool),
502    }
503}
504/// RelationshipFilter is a collection of filters which when applied to a
505/// relationship will return relationships that have exactly matching fields.
506///
507/// All fields are optional and if left unspecified will not filter relationships,
508/// but at least one field must be specified.
509///
510/// NOTE: The performance of the API will be affected by the selection of fields
511/// on which to filter. If a field is not indexed, the performance of the API
512/// can be significantly slower.
513#[derive(Clone, PartialEq, ::prost::Message)]
514pub struct RelationshipFilter {
515    /// resource_type is the *optional* resource type of the relationship.
516    /// NOTE: It is not prefixed with "optional_" for legacy compatibility.
517    #[prost(string, tag = "1")]
518    pub resource_type: ::prost::alloc::string::String,
519    /// optional_resource_id is the *optional* resource ID of the relationship.
520    /// If specified, optional_resource_id_prefix cannot be specified.
521    #[prost(string, tag = "2")]
522    pub optional_resource_id: ::prost::alloc::string::String,
523    /// optional_resource_id_prefix is the *optional* prefix for the resource ID of the relationship.
524    /// If specified, optional_resource_id cannot be specified.
525    #[prost(string, tag = "5")]
526    pub optional_resource_id_prefix: ::prost::alloc::string::String,
527    /// relation is the *optional* relation of the relationship.
528    #[prost(string, tag = "3")]
529    pub optional_relation: ::prost::alloc::string::String,
530    /// optional_subject_filter is the optional filter for the subjects of the relationships.
531    #[prost(message, optional, tag = "4")]
532    pub optional_subject_filter: ::core::option::Option<SubjectFilter>,
533}
534/// SubjectFilter specifies a filter on the subject of a relationship.
535///
536/// subject_type is required and all other fields are optional, and will not
537/// impose any additional requirements if left unspecified.
538#[derive(Clone, PartialEq, ::prost::Message)]
539pub struct SubjectFilter {
540    #[prost(string, tag = "1")]
541    pub subject_type: ::prost::alloc::string::String,
542    #[prost(string, tag = "2")]
543    pub optional_subject_id: ::prost::alloc::string::String,
544    #[prost(message, optional, tag = "3")]
545    pub optional_relation: ::core::option::Option<subject_filter::RelationFilter>,
546}
547/// Nested message and enum types in `SubjectFilter`.
548pub mod subject_filter {
549    #[derive(Clone, PartialEq, ::prost::Message)]
550    pub struct RelationFilter {
551        #[prost(string, tag = "1")]
552        pub relation: ::prost::alloc::string::String,
553    }
554}
555/// ReadRelationshipsRequest specifies one or more filters used to read matching
556/// relationships within the system.
557#[derive(Clone, PartialEq, ::prost::Message)]
558pub struct ReadRelationshipsRequest {
559    #[prost(message, optional, tag = "1")]
560    pub consistency: ::core::option::Option<Consistency>,
561    /// relationship_filter defines the filter to be applied to the relationships
562    /// to be returned.
563    #[prost(message, optional, tag = "2")]
564    pub relationship_filter: ::core::option::Option<RelationshipFilter>,
565    /// optional_limit, if non-zero, specifies the limit on the number of relationships to return
566    /// before the stream is closed on the server side. By default, the stream will continue
567    /// resolving relationships until exhausted or the stream is closed due to the client or a
568    /// network issue.
569    #[prost(uint32, tag = "3")]
570    pub optional_limit: u32,
571    /// optional_cursor, if specified, indicates the cursor after which results should resume being returned.
572    /// The cursor can be found on the ReadRelationshipsResponse object.
573    #[prost(message, optional, tag = "4")]
574    pub optional_cursor: ::core::option::Option<Cursor>,
575}
576/// ReadRelationshipsResponse contains a Relationship found that matches the
577/// specified relationship filter(s). A instance of this response message will
578/// be streamed to the client for each relationship found.
579#[derive(Clone, PartialEq, ::prost::Message)]
580pub struct ReadRelationshipsResponse {
581    /// read_at is the ZedToken at which the relationship was found.
582    #[prost(message, optional, tag = "1")]
583    pub read_at: ::core::option::Option<ZedToken>,
584    /// relationship is the found relationship.
585    #[prost(message, optional, tag = "2")]
586    pub relationship: ::core::option::Option<Relationship>,
587    /// after_result_cursor holds a cursor that can be used to resume the ReadRelationships stream after this
588    /// result.
589    #[prost(message, optional, tag = "3")]
590    pub after_result_cursor: ::core::option::Option<Cursor>,
591}
592/// Precondition specifies how and the existence or absence of certain
593/// relationships as expressed through the accompanying filter should affect
594/// whether or not the operation proceeds.
595///
596/// MUST_NOT_MATCH will fail the parent request if any relationships match the
597/// relationships filter.
598/// MUST_MATCH will fail the parent request if there are no
599/// relationships that match the filter.
600#[derive(Clone, PartialEq, ::prost::Message)]
601pub struct Precondition {
602    #[prost(enumeration = "precondition::Operation", tag = "1")]
603    pub operation: i32,
604    #[prost(message, optional, tag = "2")]
605    pub filter: ::core::option::Option<RelationshipFilter>,
606}
607/// Nested message and enum types in `Precondition`.
608pub mod precondition {
609    #[derive(
610        Clone,
611        Copy,
612        Debug,
613        PartialEq,
614        Eq,
615        Hash,
616        PartialOrd,
617        Ord,
618        ::prost::Enumeration
619    )]
620    #[repr(i32)]
621    pub enum Operation {
622        Unspecified = 0,
623        MustNotMatch = 1,
624        MustMatch = 2,
625    }
626    impl Operation {
627        /// String value of the enum field names used in the ProtoBuf definition.
628        ///
629        /// The values are not transformed in any way and thus are considered stable
630        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
631        pub fn as_str_name(&self) -> &'static str {
632            match self {
633                Self::Unspecified => "OPERATION_UNSPECIFIED",
634                Self::MustNotMatch => "OPERATION_MUST_NOT_MATCH",
635                Self::MustMatch => "OPERATION_MUST_MATCH",
636            }
637        }
638        /// Creates an enum from field names used in the ProtoBuf definition.
639        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
640            match value {
641                "OPERATION_UNSPECIFIED" => Some(Self::Unspecified),
642                "OPERATION_MUST_NOT_MATCH" => Some(Self::MustNotMatch),
643                "OPERATION_MUST_MATCH" => Some(Self::MustMatch),
644                _ => None,
645            }
646        }
647    }
648}
649/// WriteRelationshipsRequest contains a list of Relationship mutations that
650/// should be applied to the service. If the optional_preconditions parameter
651/// is included, all of the specified preconditions must also be satisfied before
652/// the write will be committed. All updates will be applied transactionally,
653/// and if any preconditions fail, the entire transaction will be reverted.
654#[derive(Clone, PartialEq, ::prost::Message)]
655pub struct WriteRelationshipsRequest {
656    #[prost(message, repeated, tag = "1")]
657    pub updates: ::prost::alloc::vec::Vec<RelationshipUpdate>,
658    /// To be bounded by configuration
659    #[prost(message, repeated, tag = "2")]
660    pub optional_preconditions: ::prost::alloc::vec::Vec<Precondition>,
661    /// optional_transaction_metadata is an optional field that can be used to store metadata about the transaction.
662    /// If specified, this metadata will be supplied in the WatchResponse for the updates associated with this
663    /// transaction.
664    #[prost(message, optional, tag = "3")]
665    pub optional_transaction_metadata: ::core::option::Option<::prost_types::Struct>,
666}
667#[derive(Clone, PartialEq, ::prost::Message)]
668pub struct WriteRelationshipsResponse {
669    /// written_at is the revision at which the relationships were written or deleted.
670    #[prost(message, optional, tag = "1")]
671    pub written_at: ::core::option::Option<ZedToken>,
672}
673/// DeleteRelationshipsRequest specifies which Relationships should be deleted,
674/// requesting the delete of *ALL* relationships that match the specified
675/// filters. If the optional_preconditions parameter is included, all of the
676/// specified preconditions must also be satisfied before the delete will be
677/// executed.
678#[derive(Clone, PartialEq, ::prost::Message)]
679pub struct DeleteRelationshipsRequest {
680    #[prost(message, optional, tag = "1")]
681    pub relationship_filter: ::core::option::Option<RelationshipFilter>,
682    /// To be bounded by configuration
683    #[prost(message, repeated, tag = "2")]
684    pub optional_preconditions: ::prost::alloc::vec::Vec<Precondition>,
685    /// optional_limit, if non-zero, specifies the limit on the number of relationships to be deleted.
686    /// If there are more matching relationships found to be deleted than the limit specified here,
687    /// the deletion call will fail with an error to prevent partial deletion. If partial deletion
688    /// is needed, specify below that partial deletion is allowed. Partial deletions can be used
689    /// in a loop to delete large amounts of relationships in a *non-transactional* manner.
690    #[prost(uint32, tag = "3")]
691    pub optional_limit: u32,
692    /// optional_allow_partial_deletions, if true and a limit is specified, will delete matching found
693    /// relationships up to the count specified in optional_limit, and no more.
694    #[prost(bool, tag = "4")]
695    pub optional_allow_partial_deletions: bool,
696    /// optional_transaction_metadata is an optional field that can be used to store metadata about the transaction.
697    /// If specified, this metadata will be supplied in the WatchResponse for the deletions associated with
698    /// this transaction.
699    #[prost(message, optional, tag = "5")]
700    pub optional_transaction_metadata: ::core::option::Option<::prost_types::Struct>,
701}
702#[derive(Clone, PartialEq, ::prost::Message)]
703pub struct DeleteRelationshipsResponse {
704    /// deleted_at is the revision at which the relationships were deleted.
705    #[prost(message, optional, tag = "1")]
706    pub deleted_at: ::core::option::Option<ZedToken>,
707    /// deletion_progress is an enumeration of the possible outcomes that occurred when attempting to delete the specified relationships.
708    #[prost(enumeration = "delete_relationships_response::DeletionProgress", tag = "2")]
709    pub deletion_progress: i32,
710    /// relationships_deleted_count is the number of relationships that were deleted.
711    #[prost(uint64, tag = "3")]
712    pub relationships_deleted_count: u64,
713}
714/// Nested message and enum types in `DeleteRelationshipsResponse`.
715pub mod delete_relationships_response {
716    #[derive(
717        Clone,
718        Copy,
719        Debug,
720        PartialEq,
721        Eq,
722        Hash,
723        PartialOrd,
724        Ord,
725        ::prost::Enumeration
726    )]
727    #[repr(i32)]
728    pub enum DeletionProgress {
729        Unspecified = 0,
730        /// DELETION_PROGRESS_COMPLETE indicates that all remaining relationships matching the filter
731        /// were deleted. Will be returned even if no relationships were deleted.
732        Complete = 1,
733        /// DELETION_PROGRESS_PARTIAL indicates that a subset of the relationships matching the filter
734        /// were deleted. Only returned if optional_allow_partial_deletions was true, an optional_limit was
735        /// specified, and there existed more relationships matching the filter than optional_limit would allow.
736        /// Once all remaining relationships have been deleted, DELETION_PROGRESS_COMPLETE will be returned.
737        Partial = 2,
738    }
739    impl DeletionProgress {
740        /// String value of the enum field names used in the ProtoBuf definition.
741        ///
742        /// The values are not transformed in any way and thus are considered stable
743        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
744        pub fn as_str_name(&self) -> &'static str {
745            match self {
746                Self::Unspecified => "DELETION_PROGRESS_UNSPECIFIED",
747                Self::Complete => "DELETION_PROGRESS_COMPLETE",
748                Self::Partial => "DELETION_PROGRESS_PARTIAL",
749            }
750        }
751        /// Creates an enum from field names used in the ProtoBuf definition.
752        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
753            match value {
754                "DELETION_PROGRESS_UNSPECIFIED" => Some(Self::Unspecified),
755                "DELETION_PROGRESS_COMPLETE" => Some(Self::Complete),
756                "DELETION_PROGRESS_PARTIAL" => Some(Self::Partial),
757                _ => None,
758            }
759        }
760    }
761}
762/// CheckPermissionRequest issues a check on whether a subject has a permission
763/// or is a member of a relation, on a specific resource.
764#[derive(Clone, PartialEq, ::prost::Message)]
765pub struct CheckPermissionRequest {
766    #[prost(message, optional, tag = "1")]
767    pub consistency: ::core::option::Option<Consistency>,
768    /// resource is the resource on which to check the permission or relation.
769    #[prost(message, optional, tag = "2")]
770    pub resource: ::core::option::Option<ObjectReference>,
771    /// permission is the name of the permission (or relation) on which to execute
772    /// the check.
773    #[prost(string, tag = "3")]
774    pub permission: ::prost::alloc::string::String,
775    /// subject is the subject that will be checked for the permission or relation.
776    #[prost(message, optional, tag = "4")]
777    pub subject: ::core::option::Option<SubjectReference>,
778    /// context consists of named values that are injected into the caveat evaluation context
779    #[prost(message, optional, tag = "5")]
780    pub context: ::core::option::Option<::prost_types::Struct>,
781    /// with_tracing, if true, indicates that the response should include a debug trace.
782    /// This can be useful for debugging and performance analysis, but adds a small amount
783    /// of compute overhead to the request.
784    #[prost(bool, tag = "6")]
785    pub with_tracing: bool,
786}
787#[derive(Clone, PartialEq, ::prost::Message)]
788pub struct CheckPermissionResponse {
789    #[prost(message, optional, tag = "1")]
790    pub checked_at: ::core::option::Option<ZedToken>,
791    /// Permissionship communicates whether or not the subject has the requested
792    /// permission or has a relationship with the given resource, over the given
793    /// relation.
794    ///
795    /// This value will be authzed.api.v1.PERMISSIONSHIP_HAS_PERMISSION if the
796    /// requested subject is a member of the computed permission set or there
797    /// exists a relationship with the requested relation from the given resource
798    /// to the given subject.
799    #[prost(enumeration = "check_permission_response::Permissionship", tag = "2")]
800    pub permissionship: i32,
801    /// partial_caveat_info holds information of a partially-evaluated caveated response
802    #[prost(message, optional, tag = "3")]
803    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
804    /// debug_trace is the debugging trace of this check, if requested.
805    #[prost(message, optional, tag = "4")]
806    pub debug_trace: ::core::option::Option<DebugInformation>,
807    /// optional_expires_at is the time at which at least one of the relationships used to
808    /// compute this result, expires (if any). This is *not* related to the caching window.
809    #[prost(message, optional, tag = "5")]
810    pub optional_expires_at: ::core::option::Option<::prost_types::Timestamp>,
811}
812/// Nested message and enum types in `CheckPermissionResponse`.
813pub mod check_permission_response {
814    #[derive(
815        Clone,
816        Copy,
817        Debug,
818        PartialEq,
819        Eq,
820        Hash,
821        PartialOrd,
822        Ord,
823        ::prost::Enumeration
824    )]
825    #[repr(i32)]
826    pub enum Permissionship {
827        Unspecified = 0,
828        NoPermission = 1,
829        HasPermission = 2,
830        ConditionalPermission = 3,
831    }
832    impl Permissionship {
833        /// String value of the enum field names used in the ProtoBuf definition.
834        ///
835        /// The values are not transformed in any way and thus are considered stable
836        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
837        pub fn as_str_name(&self) -> &'static str {
838            match self {
839                Self::Unspecified => "PERMISSIONSHIP_UNSPECIFIED",
840                Self::NoPermission => "PERMISSIONSHIP_NO_PERMISSION",
841                Self::HasPermission => "PERMISSIONSHIP_HAS_PERMISSION",
842                Self::ConditionalPermission => "PERMISSIONSHIP_CONDITIONAL_PERMISSION",
843            }
844        }
845        /// Creates an enum from field names used in the ProtoBuf definition.
846        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
847            match value {
848                "PERMISSIONSHIP_UNSPECIFIED" => Some(Self::Unspecified),
849                "PERMISSIONSHIP_NO_PERMISSION" => Some(Self::NoPermission),
850                "PERMISSIONSHIP_HAS_PERMISSION" => Some(Self::HasPermission),
851                "PERMISSIONSHIP_CONDITIONAL_PERMISSION" => {
852                    Some(Self::ConditionalPermission)
853                }
854                _ => None,
855            }
856        }
857    }
858}
859/// CheckBulkPermissionsRequest issues a check on whether a subject has permission
860/// or is a member of a relation on a specific resource for each item in the list.
861///
862/// The ordering of the items in the response is maintained in the response.
863/// Checks with the same subject/permission will automatically be batched for performance optimization.
864#[derive(Clone, PartialEq, ::prost::Message)]
865pub struct CheckBulkPermissionsRequest {
866    #[prost(message, optional, tag = "1")]
867    pub consistency: ::core::option::Option<Consistency>,
868    #[prost(message, repeated, tag = "2")]
869    pub items: ::prost::alloc::vec::Vec<CheckBulkPermissionsRequestItem>,
870    /// with_tracing, if true, indicates that each response should include a debug trace.
871    /// This can be useful for debugging and performance analysis, but adds a small amount
872    /// of compute overhead to the request.
873    #[prost(bool, tag = "3")]
874    pub with_tracing: bool,
875}
876#[derive(Clone, PartialEq, ::prost::Message)]
877pub struct CheckBulkPermissionsRequestItem {
878    #[prost(message, optional, tag = "1")]
879    pub resource: ::core::option::Option<ObjectReference>,
880    #[prost(string, tag = "2")]
881    pub permission: ::prost::alloc::string::String,
882    #[prost(message, optional, tag = "3")]
883    pub subject: ::core::option::Option<SubjectReference>,
884    #[prost(message, optional, tag = "4")]
885    pub context: ::core::option::Option<::prost_types::Struct>,
886}
887#[derive(Clone, PartialEq, ::prost::Message)]
888pub struct CheckBulkPermissionsResponse {
889    #[prost(message, optional, tag = "1")]
890    pub checked_at: ::core::option::Option<ZedToken>,
891    #[prost(message, repeated, tag = "2")]
892    pub pairs: ::prost::alloc::vec::Vec<CheckBulkPermissionsPair>,
893}
894#[derive(Clone, PartialEq, ::prost::Message)]
895pub struct CheckBulkPermissionsPair {
896    #[prost(message, optional, tag = "1")]
897    pub request: ::core::option::Option<CheckBulkPermissionsRequestItem>,
898    #[prost(oneof = "check_bulk_permissions_pair::Response", tags = "2, 3")]
899    pub response: ::core::option::Option<check_bulk_permissions_pair::Response>,
900}
901/// Nested message and enum types in `CheckBulkPermissionsPair`.
902pub mod check_bulk_permissions_pair {
903    #[derive(Clone, PartialEq, ::prost::Oneof)]
904    pub enum Response {
905        #[prost(message, tag = "2")]
906        Item(super::CheckBulkPermissionsResponseItem),
907        #[prost(message, tag = "3")]
908        Error(super::super::super::super::google::rpc::Status),
909    }
910}
911#[derive(Clone, PartialEq, ::prost::Message)]
912pub struct CheckBulkPermissionsResponseItem {
913    #[prost(enumeration = "check_permission_response::Permissionship", tag = "1")]
914    pub permissionship: i32,
915    #[prost(message, optional, tag = "2")]
916    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
917    /// debug_trace is the debugging trace of this check, if requested.
918    #[prost(message, optional, tag = "3")]
919    pub debug_trace: ::core::option::Option<DebugInformation>,
920}
921/// ExpandPermissionTreeRequest returns a tree representing the expansion of all
922/// relationships found accessible from a permission or relation on a particular
923/// resource.
924///
925/// ExpandPermissionTreeRequest is typically used to determine the full set of
926/// subjects with a permission, along with the relationships that grant said
927/// access.
928#[derive(Clone, PartialEq, ::prost::Message)]
929pub struct ExpandPermissionTreeRequest {
930    #[prost(message, optional, tag = "1")]
931    pub consistency: ::core::option::Option<Consistency>,
932    /// resource is the resource over which to run the expansion.
933    #[prost(message, optional, tag = "2")]
934    pub resource: ::core::option::Option<ObjectReference>,
935    /// permission is the name of the permission or relation over which to run the
936    /// expansion for the resource.
937    #[prost(string, tag = "3")]
938    pub permission: ::prost::alloc::string::String,
939}
940#[derive(Clone, PartialEq, ::prost::Message)]
941pub struct ExpandPermissionTreeResponse {
942    #[prost(message, optional, tag = "1")]
943    pub expanded_at: ::core::option::Option<ZedToken>,
944    /// tree_root is a tree structure whose leaf nodes are subjects, and
945    /// intermediate nodes represent the various operations (union, intersection,
946    /// exclusion) to reach those subjects.
947    #[prost(message, optional, tag = "2")]
948    pub tree_root: ::core::option::Option<PermissionRelationshipTree>,
949}
950/// LookupResourcesRequest performs a lookup of all resources of a particular
951/// kind on which the subject has the specified permission or the relation in
952/// which the subject exists, streaming back the IDs of those resources.
953#[derive(Clone, PartialEq, ::prost::Message)]
954pub struct LookupResourcesRequest {
955    #[prost(message, optional, tag = "1")]
956    pub consistency: ::core::option::Option<Consistency>,
957    /// resource_object_type is the type of resource object for which the IDs will
958    /// be returned.
959    #[prost(string, tag = "2")]
960    pub resource_object_type: ::prost::alloc::string::String,
961    /// permission is the name of the permission or relation for which the subject
962    /// must Check.
963    #[prost(string, tag = "3")]
964    pub permission: ::prost::alloc::string::String,
965    /// subject is the subject with access to the resources.
966    #[prost(message, optional, tag = "4")]
967    pub subject: ::core::option::Option<SubjectReference>,
968    /// context consists of named values that are injected into the caveat evaluation context
969    #[prost(message, optional, tag = "5")]
970    pub context: ::core::option::Option<::prost_types::Struct>,
971    /// optional_limit, if non-zero, specifies the limit on the number of resources to return
972    /// before the stream is closed on the server side. By default, the stream will continue
973    /// resolving resources until exhausted or the stream is closed due to the client or a
974    /// network issue.
975    #[prost(uint32, tag = "6")]
976    pub optional_limit: u32,
977    /// optional_cursor, if specified, indicates the cursor after which results should resume being returned.
978    /// The cursor can be found on the LookupResourcesResponse object.
979    #[prost(message, optional, tag = "7")]
980    pub optional_cursor: ::core::option::Option<Cursor>,
981}
982/// LookupResourcesResponse contains a single matching resource object ID for the
983/// requested object type, permission, and subject.
984#[derive(Clone, PartialEq, ::prost::Message)]
985pub struct LookupResourcesResponse {
986    /// looked_up_at is the ZedToken at which the resource was found.
987    #[prost(message, optional, tag = "1")]
988    pub looked_up_at: ::core::option::Option<ZedToken>,
989    /// resource_object_id is the object ID of the found resource.
990    #[prost(string, tag = "2")]
991    pub resource_object_id: ::prost::alloc::string::String,
992    /// permissionship indicates whether the response was partially evaluated or not
993    #[prost(enumeration = "LookupPermissionship", tag = "3")]
994    pub permissionship: i32,
995    /// partial_caveat_info holds information of a partially-evaluated caveated response
996    #[prost(message, optional, tag = "4")]
997    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
998    /// after_result_cursor holds a cursor that can be used to resume the LookupResources stream after this
999    /// result.
1000    #[prost(message, optional, tag = "5")]
1001    pub after_result_cursor: ::core::option::Option<Cursor>,
1002}
1003/// LookupSubjectsRequest performs a lookup of all subjects of a particular
1004/// kind for which the subject has the specified permission or the relation in
1005/// which the subject exists, streaming back the IDs of those subjects.
1006#[derive(Clone, PartialEq, ::prost::Message)]
1007pub struct LookupSubjectsRequest {
1008    #[prost(message, optional, tag = "1")]
1009    pub consistency: ::core::option::Option<Consistency>,
1010    /// resource is the resource for which all matching subjects for the permission
1011    /// or relation will be returned.
1012    #[prost(message, optional, tag = "2")]
1013    pub resource: ::core::option::Option<ObjectReference>,
1014    /// permission is the name of the permission (or relation) for which to find
1015    /// the subjects.
1016    #[prost(string, tag = "3")]
1017    pub permission: ::prost::alloc::string::String,
1018    /// subject_object_type is the type of subject object for which the IDs will
1019    /// be returned.
1020    #[prost(string, tag = "4")]
1021    pub subject_object_type: ::prost::alloc::string::String,
1022    /// optional_subject_relation is the optional relation for the subject.
1023    #[prost(string, tag = "5")]
1024    pub optional_subject_relation: ::prost::alloc::string::String,
1025    /// context consists of named values that are injected into the caveat evaluation context
1026    #[prost(message, optional, tag = "6")]
1027    pub context: ::core::option::Option<::prost_types::Struct>,
1028    /// optional_concrete_limit is currently unimplemented for LookupSubjects
1029    /// and will return an error as of SpiceDB version 1.40.1. This will
1030    /// be implemented in a future version of SpiceDB.
1031    #[prost(uint32, tag = "7")]
1032    pub optional_concrete_limit: u32,
1033    /// optional_cursor is currently unimplemented for LookupSubjects
1034    /// and will be ignored as of SpiceDB version 1.40.1. This will
1035    /// be implemented in a future version of SpiceDB.
1036    #[prost(message, optional, tag = "8")]
1037    pub optional_cursor: ::core::option::Option<Cursor>,
1038    /// wildcard_option specifies whether wildcards should be returned by LookupSubjects.
1039    /// For backwards compatibility, defaults to WILDCARD_OPTION_INCLUDE_WILDCARDS if unspecified.
1040    #[prost(enumeration = "lookup_subjects_request::WildcardOption", tag = "9")]
1041    pub wildcard_option: i32,
1042}
1043/// Nested message and enum types in `LookupSubjectsRequest`.
1044pub mod lookup_subjects_request {
1045    #[derive(
1046        Clone,
1047        Copy,
1048        Debug,
1049        PartialEq,
1050        Eq,
1051        Hash,
1052        PartialOrd,
1053        Ord,
1054        ::prost::Enumeration
1055    )]
1056    #[repr(i32)]
1057    pub enum WildcardOption {
1058        Unspecified = 0,
1059        IncludeWildcards = 1,
1060        ExcludeWildcards = 2,
1061    }
1062    impl WildcardOption {
1063        /// String value of the enum field names used in the ProtoBuf definition.
1064        ///
1065        /// The values are not transformed in any way and thus are considered stable
1066        /// (if the ProtoBuf definition does not change) and safe for programmatic use.
1067        pub fn as_str_name(&self) -> &'static str {
1068            match self {
1069                Self::Unspecified => "WILDCARD_OPTION_UNSPECIFIED",
1070                Self::IncludeWildcards => "WILDCARD_OPTION_INCLUDE_WILDCARDS",
1071                Self::ExcludeWildcards => "WILDCARD_OPTION_EXCLUDE_WILDCARDS",
1072            }
1073        }
1074        /// Creates an enum from field names used in the ProtoBuf definition.
1075        pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
1076            match value {
1077                "WILDCARD_OPTION_UNSPECIFIED" => Some(Self::Unspecified),
1078                "WILDCARD_OPTION_INCLUDE_WILDCARDS" => Some(Self::IncludeWildcards),
1079                "WILDCARD_OPTION_EXCLUDE_WILDCARDS" => Some(Self::ExcludeWildcards),
1080                _ => None,
1081            }
1082        }
1083    }
1084}
1085/// LookupSubjectsResponse contains a single matching subject object ID for the
1086/// requested subject object type on the permission or relation.
1087#[derive(Clone, PartialEq, ::prost::Message)]
1088pub struct LookupSubjectsResponse {
1089    #[prost(message, optional, tag = "1")]
1090    pub looked_up_at: ::core::option::Option<ZedToken>,
1091    /// subject_object_id is the Object ID of the subject found. May be a `*` if
1092    /// a wildcard was found.
1093    /// deprecated: use `subject`
1094    #[deprecated]
1095    #[prost(string, tag = "2")]
1096    pub subject_object_id: ::prost::alloc::string::String,
1097    /// excluded_subject_ids are the Object IDs of the subjects excluded. This list
1098    /// will only contain object IDs if `subject_object_id` is a wildcard (`*`) and
1099    /// will only be populated if exclusions exist from the wildcard.
1100    /// deprecated: use `excluded_subjects`
1101    #[deprecated]
1102    #[prost(string, repeated, tag = "3")]
1103    pub excluded_subject_ids: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
1104    /// permissionship indicates whether the response was partially evaluated or not
1105    /// deprecated: use `subject.permissionship`
1106    #[deprecated]
1107    #[prost(enumeration = "LookupPermissionship", tag = "4")]
1108    pub permissionship: i32,
1109    /// partial_caveat_info holds information of a partially-evaluated caveated response
1110    /// deprecated: use `subject.partial_caveat_info`
1111    #[deprecated]
1112    #[prost(message, optional, tag = "5")]
1113    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
1114    /// subject is the subject found, along with its permissionship.
1115    #[prost(message, optional, tag = "6")]
1116    pub subject: ::core::option::Option<ResolvedSubject>,
1117    /// excluded_subjects are the subjects excluded. This list
1118    /// will only contain subjects if `subject.subject_object_id` is a wildcard (`*`) and
1119    /// will only be populated if exclusions exist from the wildcard.
1120    #[prost(message, repeated, tag = "7")]
1121    pub excluded_subjects: ::prost::alloc::vec::Vec<ResolvedSubject>,
1122    /// after_result_cursor holds a cursor that can be used to resume the LookupSubjects stream after this
1123    /// result.
1124    #[prost(message, optional, tag = "8")]
1125    pub after_result_cursor: ::core::option::Option<Cursor>,
1126}
1127/// ResolvedSubject is a single subject resolved within LookupSubjects.
1128#[derive(Clone, PartialEq, ::prost::Message)]
1129pub struct ResolvedSubject {
1130    /// subject_object_id is the Object ID of the subject found. May be a `*` if
1131    /// a wildcard was found.
1132    #[prost(string, tag = "1")]
1133    pub subject_object_id: ::prost::alloc::string::String,
1134    /// permissionship indicates whether the response was partially evaluated or not
1135    #[prost(enumeration = "LookupPermissionship", tag = "2")]
1136    pub permissionship: i32,
1137    /// partial_caveat_info holds information of a partially-evaluated caveated response
1138    #[prost(message, optional, tag = "3")]
1139    pub partial_caveat_info: ::core::option::Option<PartialCaveatInfo>,
1140}
1141/// ImportBulkRelationshipsRequest represents one batch of the streaming
1142/// ImportBulkRelationships API. The maximum size is only limited by the backing
1143/// datastore, and optimal size should be determined by the calling client
1144/// experimentally. When ImportBulk is invoked and receives its first request message,
1145/// a transaction is opened to import the relationships. All requests sent to the same
1146/// invocation are executed under this single transaction. If a relationship already
1147/// exists within the datastore, the entire transaction will fail with an error.
1148#[derive(Clone, PartialEq, ::prost::Message)]
1149pub struct ImportBulkRelationshipsRequest {
1150    #[prost(message, repeated, tag = "1")]
1151    pub relationships: ::prost::alloc::vec::Vec<Relationship>,
1152}
1153/// ImportBulkRelationshipsResponse is returned on successful completion of the
1154/// bulk load stream, and contains the total number of relationships loaded.
1155#[derive(Clone, Copy, PartialEq, ::prost::Message)]
1156pub struct ImportBulkRelationshipsResponse {
1157    #[prost(uint64, tag = "1")]
1158    pub num_loaded: u64,
1159}
1160/// ExportBulkRelationshipsRequest represents a resumable request for
1161/// all relationships from the server.
1162#[derive(Clone, PartialEq, ::prost::Message)]
1163pub struct ExportBulkRelationshipsRequest {
1164    #[prost(message, optional, tag = "1")]
1165    pub consistency: ::core::option::Option<Consistency>,
1166    /// optional_limit, if non-zero, specifies the limit on the number of
1167    /// relationships the server can return in one page. By default, the server
1168    /// will pick a page size, and the server is free to choose a smaller size
1169    /// at will.
1170    #[prost(uint32, tag = "2")]
1171    pub optional_limit: u32,
1172    /// optional_cursor, if specified, indicates the cursor after which results
1173    /// should resume being returned. The cursor can be found on the
1174    /// BulkExportRelationshipsResponse object.
1175    #[prost(message, optional, tag = "3")]
1176    pub optional_cursor: ::core::option::Option<Cursor>,
1177    /// optional_relationship_filter, if specified, indicates the
1178    /// filter to apply to each relationship to be exported.
1179    #[prost(message, optional, tag = "4")]
1180    pub optional_relationship_filter: ::core::option::Option<RelationshipFilter>,
1181}
1182/// ExportBulkRelationshipsResponse is one page in a stream of relationship
1183/// groups that meet the criteria specified by the originating request. The
1184/// server will continue to stream back relationship groups as quickly as it can
1185/// until all relationships have been transmitted back.
1186#[derive(Clone, PartialEq, ::prost::Message)]
1187pub struct ExportBulkRelationshipsResponse {
1188    #[prost(message, optional, tag = "1")]
1189    pub after_result_cursor: ::core::option::Option<Cursor>,
1190    #[prost(message, repeated, tag = "2")]
1191    pub relationships: ::prost::alloc::vec::Vec<Relationship>,
1192}
1193/// LookupPermissionship represents whether a Lookup response was partially evaluated or not
1194#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
1195#[repr(i32)]
1196pub enum LookupPermissionship {
1197    Unspecified = 0,
1198    HasPermission = 1,
1199    ConditionalPermission = 2,
1200}
1201impl LookupPermissionship {
1202    /// String value of the enum field names used in the ProtoBuf definition.
1203    ///
1204    /// The values are not transformed in any way and thus are considered stable
1205    /// (if the ProtoBuf definition does not change) and safe for programmatic use.
1206    pub fn as_str_name(&self) -> &'static str {
1207        match self {
1208            Self::Unspecified => "LOOKUP_PERMISSIONSHIP_UNSPECIFIED",
1209            Self::HasPermission => "LOOKUP_PERMISSIONSHIP_HAS_PERMISSION",
1210            Self::ConditionalPermission => "LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION",
1211        }
1212    }
1213    /// Creates an enum from field names used in the ProtoBuf definition.
1214    pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
1215        match value {
1216            "LOOKUP_PERMISSIONSHIP_UNSPECIFIED" => Some(Self::Unspecified),
1217            "LOOKUP_PERMISSIONSHIP_HAS_PERMISSION" => Some(Self::HasPermission),
1218            "LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION" => {
1219                Some(Self::ConditionalPermission)
1220            }
1221            _ => None,
1222        }
1223    }
1224}
1225/// Generated client implementations.
1226pub mod permissions_service_client {
1227    #![allow(
1228        unused_variables,
1229        dead_code,
1230        missing_docs,
1231        clippy::wildcard_imports,
1232        clippy::let_unit_value,
1233    )]
1234    use tonic::codegen::*;
1235    use tonic::codegen::http::Uri;
1236    /// PermissionsService implements a set of RPCs that perform operations on
1237    /// relationships and permissions.
1238    #[derive(Debug, Clone)]
1239    pub struct PermissionsServiceClient<T> {
1240        inner: tonic::client::Grpc<T>,
1241    }
1242    impl PermissionsServiceClient<tonic::transport::Channel> {
1243        /// Attempt to create a new client by connecting to a given endpoint.
1244        pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
1245        where
1246            D: TryInto<tonic::transport::Endpoint>,
1247            D::Error: Into<StdError>,
1248        {
1249            let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
1250            Ok(Self::new(conn))
1251        }
1252    }
1253    impl<T> PermissionsServiceClient<T>
1254    where
1255        T: tonic::client::GrpcService<tonic::body::BoxBody>,
1256        T::Error: Into<StdError>,
1257        T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
1258        <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
1259    {
1260        pub fn new(inner: T) -> Self {
1261            let inner = tonic::client::Grpc::new(inner);
1262            Self { inner }
1263        }
1264        pub fn with_origin(inner: T, origin: Uri) -> Self {
1265            let inner = tonic::client::Grpc::with_origin(inner, origin);
1266            Self { inner }
1267        }
1268        pub fn with_interceptor<F>(
1269            inner: T,
1270            interceptor: F,
1271        ) -> PermissionsServiceClient<InterceptedService<T, F>>
1272        where
1273            F: tonic::service::Interceptor,
1274            T::ResponseBody: Default,
1275            T: tonic::codegen::Service<
1276                http::Request<tonic::body::BoxBody>,
1277                Response = http::Response<
1278                    <T as tonic::client::GrpcService<tonic::body::BoxBody>>::ResponseBody,
1279                >,
1280            >,
1281            <T as tonic::codegen::Service<
1282                http::Request<tonic::body::BoxBody>,
1283            >>::Error: Into<StdError> + std::marker::Send + std::marker::Sync,
1284        {
1285            PermissionsServiceClient::new(InterceptedService::new(inner, interceptor))
1286        }
1287        /// Compress requests with the given encoding.
1288        ///
1289        /// This requires the server to support it otherwise it might respond with an
1290        /// error.
1291        #[must_use]
1292        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
1293            self.inner = self.inner.send_compressed(encoding);
1294            self
1295        }
1296        /// Enable decompressing responses.
1297        #[must_use]
1298        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
1299            self.inner = self.inner.accept_compressed(encoding);
1300            self
1301        }
1302        /// Limits the maximum size of a decoded message.
1303        ///
1304        /// Default: `4MB`
1305        #[must_use]
1306        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
1307            self.inner = self.inner.max_decoding_message_size(limit);
1308            self
1309        }
1310        /// Limits the maximum size of an encoded message.
1311        ///
1312        /// Default: `usize::MAX`
1313        #[must_use]
1314        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
1315            self.inner = self.inner.max_encoding_message_size(limit);
1316            self
1317        }
1318        /// ReadRelationships reads a set of the relationships matching one or more
1319        /// filters.
1320        pub async fn read_relationships(
1321            &mut self,
1322            request: impl tonic::IntoRequest<super::ReadRelationshipsRequest>,
1323        ) -> std::result::Result<
1324            tonic::Response<tonic::codec::Streaming<super::ReadRelationshipsResponse>>,
1325            tonic::Status,
1326        > {
1327            self.inner
1328                .ready()
1329                .await
1330                .map_err(|e| {
1331                    tonic::Status::unknown(
1332                        format!("Service was not ready: {}", e.into()),
1333                    )
1334                })?;
1335            let codec = tonic::codec::ProstCodec::default();
1336            let path = http::uri::PathAndQuery::from_static(
1337                "/authzed.api.v1.PermissionsService/ReadRelationships",
1338            );
1339            let mut req = request.into_request();
1340            req.extensions_mut()
1341                .insert(
1342                    GrpcMethod::new(
1343                        "authzed.api.v1.PermissionsService",
1344                        "ReadRelationships",
1345                    ),
1346                );
1347            self.inner.server_streaming(req, path, codec).await
1348        }
1349        /// WriteRelationships atomically writes and/or deletes a set of specified
1350        /// relationships. An optional set of preconditions can be provided that must
1351        /// be satisfied for the operation to commit.
1352        pub async fn write_relationships(
1353            &mut self,
1354            request: impl tonic::IntoRequest<super::WriteRelationshipsRequest>,
1355        ) -> std::result::Result<
1356            tonic::Response<super::WriteRelationshipsResponse>,
1357            tonic::Status,
1358        > {
1359            self.inner
1360                .ready()
1361                .await
1362                .map_err(|e| {
1363                    tonic::Status::unknown(
1364                        format!("Service was not ready: {}", e.into()),
1365                    )
1366                })?;
1367            let codec = tonic::codec::ProstCodec::default();
1368            let path = http::uri::PathAndQuery::from_static(
1369                "/authzed.api.v1.PermissionsService/WriteRelationships",
1370            );
1371            let mut req = request.into_request();
1372            req.extensions_mut()
1373                .insert(
1374                    GrpcMethod::new(
1375                        "authzed.api.v1.PermissionsService",
1376                        "WriteRelationships",
1377                    ),
1378                );
1379            self.inner.unary(req, path, codec).await
1380        }
1381        /// DeleteRelationships atomically bulk deletes all relationships matching the
1382        /// provided filter. If no relationships match, none will be deleted and the
1383        /// operation will succeed. An optional set of preconditions can be provided that must
1384        /// be satisfied for the operation to commit.
1385        pub async fn delete_relationships(
1386            &mut self,
1387            request: impl tonic::IntoRequest<super::DeleteRelationshipsRequest>,
1388        ) -> std::result::Result<
1389            tonic::Response<super::DeleteRelationshipsResponse>,
1390            tonic::Status,
1391        > {
1392            self.inner
1393                .ready()
1394                .await
1395                .map_err(|e| {
1396                    tonic::Status::unknown(
1397                        format!("Service was not ready: {}", e.into()),
1398                    )
1399                })?;
1400            let codec = tonic::codec::ProstCodec::default();
1401            let path = http::uri::PathAndQuery::from_static(
1402                "/authzed.api.v1.PermissionsService/DeleteRelationships",
1403            );
1404            let mut req = request.into_request();
1405            req.extensions_mut()
1406                .insert(
1407                    GrpcMethod::new(
1408                        "authzed.api.v1.PermissionsService",
1409                        "DeleteRelationships",
1410                    ),
1411                );
1412            self.inner.unary(req, path, codec).await
1413        }
1414        /// CheckPermission determines for a given resource whether a subject computes
1415        /// to having a permission or is a direct member of a particular relation.
1416        pub async fn check_permission(
1417            &mut self,
1418            request: impl tonic::IntoRequest<super::CheckPermissionRequest>,
1419        ) -> std::result::Result<
1420            tonic::Response<super::CheckPermissionResponse>,
1421            tonic::Status,
1422        > {
1423            self.inner
1424                .ready()
1425                .await
1426                .map_err(|e| {
1427                    tonic::Status::unknown(
1428                        format!("Service was not ready: {}", e.into()),
1429                    )
1430                })?;
1431            let codec = tonic::codec::ProstCodec::default();
1432            let path = http::uri::PathAndQuery::from_static(
1433                "/authzed.api.v1.PermissionsService/CheckPermission",
1434            );
1435            let mut req = request.into_request();
1436            req.extensions_mut()
1437                .insert(
1438                    GrpcMethod::new(
1439                        "authzed.api.v1.PermissionsService",
1440                        "CheckPermission",
1441                    ),
1442                );
1443            self.inner.unary(req, path, codec).await
1444        }
1445        /// CheckBulkPermissions evaluates the given list of permission checks
1446        /// and returns the list of results.
1447        pub async fn check_bulk_permissions(
1448            &mut self,
1449            request: impl tonic::IntoRequest<super::CheckBulkPermissionsRequest>,
1450        ) -> std::result::Result<
1451            tonic::Response<super::CheckBulkPermissionsResponse>,
1452            tonic::Status,
1453        > {
1454            self.inner
1455                .ready()
1456                .await
1457                .map_err(|e| {
1458                    tonic::Status::unknown(
1459                        format!("Service was not ready: {}", e.into()),
1460                    )
1461                })?;
1462            let codec = tonic::codec::ProstCodec::default();
1463            let path = http::uri::PathAndQuery::from_static(
1464                "/authzed.api.v1.PermissionsService/CheckBulkPermissions",
1465            );
1466            let mut req = request.into_request();
1467            req.extensions_mut()
1468                .insert(
1469                    GrpcMethod::new(
1470                        "authzed.api.v1.PermissionsService",
1471                        "CheckBulkPermissions",
1472                    ),
1473                );
1474            self.inner.unary(req, path, codec).await
1475        }
1476        /// ExpandPermissionTree reveals the graph structure for a resource's
1477        /// permission or relation. This RPC does not recurse infinitely deep and may
1478        /// require multiple calls to fully unnest a deeply nested graph.
1479        pub async fn expand_permission_tree(
1480            &mut self,
1481            request: impl tonic::IntoRequest<super::ExpandPermissionTreeRequest>,
1482        ) -> std::result::Result<
1483            tonic::Response<super::ExpandPermissionTreeResponse>,
1484            tonic::Status,
1485        > {
1486            self.inner
1487                .ready()
1488                .await
1489                .map_err(|e| {
1490                    tonic::Status::unknown(
1491                        format!("Service was not ready: {}", e.into()),
1492                    )
1493                })?;
1494            let codec = tonic::codec::ProstCodec::default();
1495            let path = http::uri::PathAndQuery::from_static(
1496                "/authzed.api.v1.PermissionsService/ExpandPermissionTree",
1497            );
1498            let mut req = request.into_request();
1499            req.extensions_mut()
1500                .insert(
1501                    GrpcMethod::new(
1502                        "authzed.api.v1.PermissionsService",
1503                        "ExpandPermissionTree",
1504                    ),
1505                );
1506            self.inner.unary(req, path, codec).await
1507        }
1508        /// LookupResources returns all the resources of a given type that a subject
1509        /// can access whether via a computed permission or relation membership.
1510        pub async fn lookup_resources(
1511            &mut self,
1512            request: impl tonic::IntoRequest<super::LookupResourcesRequest>,
1513        ) -> std::result::Result<
1514            tonic::Response<tonic::codec::Streaming<super::LookupResourcesResponse>>,
1515            tonic::Status,
1516        > {
1517            self.inner
1518                .ready()
1519                .await
1520                .map_err(|e| {
1521                    tonic::Status::unknown(
1522                        format!("Service was not ready: {}", e.into()),
1523                    )
1524                })?;
1525            let codec = tonic::codec::ProstCodec::default();
1526            let path = http::uri::PathAndQuery::from_static(
1527                "/authzed.api.v1.PermissionsService/LookupResources",
1528            );
1529            let mut req = request.into_request();
1530            req.extensions_mut()
1531                .insert(
1532                    GrpcMethod::new(
1533                        "authzed.api.v1.PermissionsService",
1534                        "LookupResources",
1535                    ),
1536                );
1537            self.inner.server_streaming(req, path, codec).await
1538        }
1539        /// LookupSubjects returns all the subjects of a given type that
1540        /// have access whether via a computed permission or relation membership.
1541        pub async fn lookup_subjects(
1542            &mut self,
1543            request: impl tonic::IntoRequest<super::LookupSubjectsRequest>,
1544        ) -> std::result::Result<
1545            tonic::Response<tonic::codec::Streaming<super::LookupSubjectsResponse>>,
1546            tonic::Status,
1547        > {
1548            self.inner
1549                .ready()
1550                .await
1551                .map_err(|e| {
1552                    tonic::Status::unknown(
1553                        format!("Service was not ready: {}", e.into()),
1554                    )
1555                })?;
1556            let codec = tonic::codec::ProstCodec::default();
1557            let path = http::uri::PathAndQuery::from_static(
1558                "/authzed.api.v1.PermissionsService/LookupSubjects",
1559            );
1560            let mut req = request.into_request();
1561            req.extensions_mut()
1562                .insert(
1563                    GrpcMethod::new(
1564                        "authzed.api.v1.PermissionsService",
1565                        "LookupSubjects",
1566                    ),
1567                );
1568            self.inner.server_streaming(req, path, codec).await
1569        }
1570        /// ImportBulkRelationships is a faster path to writing a large number of
1571        /// relationships at once. It is both batched and streaming. For maximum
1572        /// performance, the caller should attempt to write relationships in as close
1573        /// to relationship sort order as possible: (resource.object_type,
1574        /// resource.object_id, relation, subject.object.object_type,
1575        /// subject.object.object_id, subject.optional_relation). All relationships
1576        /// written are done so under a single transaction.
1577        pub async fn import_bulk_relationships(
1578            &mut self,
1579            request: impl tonic::IntoStreamingRequest<
1580                Message = super::ImportBulkRelationshipsRequest,
1581            >,
1582        ) -> std::result::Result<
1583            tonic::Response<super::ImportBulkRelationshipsResponse>,
1584            tonic::Status,
1585        > {
1586            self.inner
1587                .ready()
1588                .await
1589                .map_err(|e| {
1590                    tonic::Status::unknown(
1591                        format!("Service was not ready: {}", e.into()),
1592                    )
1593                })?;
1594            let codec = tonic::codec::ProstCodec::default();
1595            let path = http::uri::PathAndQuery::from_static(
1596                "/authzed.api.v1.PermissionsService/ImportBulkRelationships",
1597            );
1598            let mut req = request.into_streaming_request();
1599            req.extensions_mut()
1600                .insert(
1601                    GrpcMethod::new(
1602                        "authzed.api.v1.PermissionsService",
1603                        "ImportBulkRelationships",
1604                    ),
1605                );
1606            self.inner.client_streaming(req, path, codec).await
1607        }
1608        /// ExportBulkRelationships is the fastest path available to exporting
1609        /// relationships from the server. It is resumable, and will return results
1610        /// in an order determined by the server.
1611        pub async fn export_bulk_relationships(
1612            &mut self,
1613            request: impl tonic::IntoRequest<super::ExportBulkRelationshipsRequest>,
1614        ) -> std::result::Result<
1615            tonic::Response<
1616                tonic::codec::Streaming<super::ExportBulkRelationshipsResponse>,
1617            >,
1618            tonic::Status,
1619        > {
1620            self.inner
1621                .ready()
1622                .await
1623                .map_err(|e| {
1624                    tonic::Status::unknown(
1625                        format!("Service was not ready: {}", e.into()),
1626                    )
1627                })?;
1628            let codec = tonic::codec::ProstCodec::default();
1629            let path = http::uri::PathAndQuery::from_static(
1630                "/authzed.api.v1.PermissionsService/ExportBulkRelationships",
1631            );
1632            let mut req = request.into_request();
1633            req.extensions_mut()
1634                .insert(
1635                    GrpcMethod::new(
1636                        "authzed.api.v1.PermissionsService",
1637                        "ExportBulkRelationships",
1638                    ),
1639                );
1640            self.inner.server_streaming(req, path, codec).await
1641        }
1642    }
1643}
1644/// ReadSchemaRequest returns the schema from the database.
1645#[derive(Clone, Copy, PartialEq, ::prost::Message)]
1646pub struct ReadSchemaRequest {}
1647/// ReadSchemaResponse is the resulting data after having read the Object
1648/// Definitions from a Schema.
1649#[derive(Clone, PartialEq, ::prost::Message)]
1650pub struct ReadSchemaResponse {
1651    /// schema_text is the textual form of the current schema in the system
1652    #[prost(string, tag = "1")]
1653    pub schema_text: ::prost::alloc::string::String,
1654    /// read_at is the ZedToken at which the schema was read.
1655    #[prost(message, optional, tag = "2")]
1656    pub read_at: ::core::option::Option<ZedToken>,
1657}
1658/// WriteSchemaRequest is the required data used to "upsert" the Schema of a
1659/// Permissions System.
1660#[derive(Clone, PartialEq, ::prost::Message)]
1661pub struct WriteSchemaRequest {
1662    /// The Schema containing one or more Object Definitions that will be written
1663    /// to the Permissions System.
1664    ///
1665    /// 4MiB
1666    #[prost(string, tag = "1")]
1667    pub schema: ::prost::alloc::string::String,
1668}
1669/// WriteSchemaResponse is the resulting data after having written a Schema to
1670/// a Permissions System.
1671#[derive(Clone, PartialEq, ::prost::Message)]
1672pub struct WriteSchemaResponse {
1673    /// written_at is the ZedToken at which the schema was written.
1674    #[prost(message, optional, tag = "1")]
1675    pub written_at: ::core::option::Option<ZedToken>,
1676}
1677#[derive(Clone, PartialEq, ::prost::Message)]
1678pub struct ReflectSchemaRequest {
1679    #[prost(message, optional, tag = "1")]
1680    pub consistency: ::core::option::Option<Consistency>,
1681    /// optional_filters defines optional filters that are applied in
1682    /// an OR fashion to the schema, before being returned
1683    #[prost(message, repeated, tag = "2")]
1684    pub optional_filters: ::prost::alloc::vec::Vec<ReflectionSchemaFilter>,
1685}
1686#[derive(Clone, PartialEq, ::prost::Message)]
1687pub struct ReflectSchemaResponse {
1688    /// definitions are the definitions defined in the schema.
1689    #[prost(message, repeated, tag = "1")]
1690    pub definitions: ::prost::alloc::vec::Vec<ReflectionDefinition>,
1691    /// caveats are the caveats defined in the schema.
1692    #[prost(message, repeated, tag = "2")]
1693    pub caveats: ::prost::alloc::vec::Vec<ReflectionCaveat>,
1694    /// read_at is the ZedToken at which the schema was read.
1695    #[prost(message, optional, tag = "3")]
1696    pub read_at: ::core::option::Option<ZedToken>,
1697}
1698/// ReflectionSchemaFilter is a filter that can be applied to the schema on reflection.
1699#[derive(Clone, PartialEq, ::prost::Message)]
1700pub struct ReflectionSchemaFilter {
1701    /// optional_definition_name_filter is a prefix that is matched against the definition name.
1702    #[prost(string, tag = "1")]
1703    pub optional_definition_name_filter: ::prost::alloc::string::String,
1704    /// optional_caveat_name_filter is a prefix that is matched against the caveat name.
1705    #[prost(string, tag = "2")]
1706    pub optional_caveat_name_filter: ::prost::alloc::string::String,
1707    /// optional_relation_name_filter is a prefix that is matched against the relation name.
1708    #[prost(string, tag = "3")]
1709    pub optional_relation_name_filter: ::prost::alloc::string::String,
1710    /// optional_permission_name_filter is a prefix that is matched against the permission name.
1711    #[prost(string, tag = "4")]
1712    pub optional_permission_name_filter: ::prost::alloc::string::String,
1713}
1714/// ReflectionDefinition is the representation of a definition in the schema.
1715#[derive(Clone, PartialEq, ::prost::Message)]
1716pub struct ReflectionDefinition {
1717    #[prost(string, tag = "1")]
1718    pub name: ::prost::alloc::string::String,
1719    /// comment is a human-readable comments on the definition. Will include
1720    /// delimiter characters.
1721    #[prost(string, tag = "2")]
1722    pub comment: ::prost::alloc::string::String,
1723    #[prost(message, repeated, tag = "3")]
1724    pub relations: ::prost::alloc::vec::Vec<ReflectionRelation>,
1725    #[prost(message, repeated, tag = "4")]
1726    pub permissions: ::prost::alloc::vec::Vec<ReflectionPermission>,
1727}
1728/// ReflectionCaveat is the representation of a caveat in the schema.
1729#[derive(Clone, PartialEq, ::prost::Message)]
1730pub struct ReflectionCaveat {
1731    #[prost(string, tag = "1")]
1732    pub name: ::prost::alloc::string::String,
1733    /// comment is a human-readable comments on the caveat. Will include
1734    /// delimiter characters.
1735    #[prost(string, tag = "2")]
1736    pub comment: ::prost::alloc::string::String,
1737    #[prost(message, repeated, tag = "3")]
1738    pub parameters: ::prost::alloc::vec::Vec<ReflectionCaveatParameter>,
1739    #[prost(string, tag = "4")]
1740    pub expression: ::prost::alloc::string::String,
1741}
1742/// ReflectionCaveatParameter is the representation of a parameter in a caveat.
1743#[derive(Clone, PartialEq, ::prost::Message)]
1744pub struct ReflectionCaveatParameter {
1745    #[prost(string, tag = "1")]
1746    pub name: ::prost::alloc::string::String,
1747    /// type is the type of the parameter. Will be a string representing the
1748    /// type, e.g. `int` or `list<string>`
1749    #[prost(string, tag = "2")]
1750    pub r#type: ::prost::alloc::string::String,
1751    #[prost(string, tag = "3")]
1752    pub parent_caveat_name: ::prost::alloc::string::String,
1753}
1754/// ReflectionRelation is the representation of a relation in the schema.
1755#[derive(Clone, PartialEq, ::prost::Message)]
1756pub struct ReflectionRelation {
1757    #[prost(string, tag = "1")]
1758    pub name: ::prost::alloc::string::String,
1759    #[prost(string, tag = "2")]
1760    pub comment: ::prost::alloc::string::String,
1761    #[prost(string, tag = "3")]
1762    pub parent_definition_name: ::prost::alloc::string::String,
1763    #[prost(message, repeated, tag = "4")]
1764    pub subject_types: ::prost::alloc::vec::Vec<ReflectionTypeReference>,
1765}
1766/// ReflectionTypeReference is the representation of a type reference in the schema.
1767#[derive(Clone, PartialEq, ::prost::Message)]
1768pub struct ReflectionTypeReference {
1769    /// subject_definition_name is the name of the subject's definition.
1770    #[prost(string, tag = "1")]
1771    pub subject_definition_name: ::prost::alloc::string::String,
1772    /// optional_caveat_name is the name of the caveat that is applied to the subject, if any.
1773    #[prost(string, tag = "2")]
1774    pub optional_caveat_name: ::prost::alloc::string::String,
1775    #[prost(oneof = "reflection_type_reference::Typeref", tags = "3, 4, 5")]
1776    pub typeref: ::core::option::Option<reflection_type_reference::Typeref>,
1777}
1778/// Nested message and enum types in `ReflectionTypeReference`.
1779pub mod reflection_type_reference {
1780    #[derive(Clone, PartialEq, ::prost::Oneof)]
1781    pub enum Typeref {
1782        /// is_terminal_subject is true if the subject is terminal, meaning it is referenced directly vs a sub-relation.
1783        #[prost(bool, tag = "3")]
1784        IsTerminalSubject(bool),
1785        /// optional_relation_name is the name of the relation that is applied to the subject, if any.
1786        #[prost(string, tag = "4")]
1787        OptionalRelationName(::prost::alloc::string::String),
1788        /// is_public_wildcard is true if the subject is a public wildcard.
1789        #[prost(bool, tag = "5")]
1790        IsPublicWildcard(bool),
1791    }
1792}
1793/// ReflectionPermission is the representation of a permission in the schema.
1794#[derive(Clone, PartialEq, ::prost::Message)]
1795pub struct ReflectionPermission {
1796    #[prost(string, tag = "1")]
1797    pub name: ::prost::alloc::string::String,
1798    /// comment is a human-readable comments on the permission. Will include
1799    /// delimiter characters.
1800    #[prost(string, tag = "2")]
1801    pub comment: ::prost::alloc::string::String,
1802    #[prost(string, tag = "3")]
1803    pub parent_definition_name: ::prost::alloc::string::String,
1804}
1805#[derive(Clone, PartialEq, ::prost::Message)]
1806pub struct ComputablePermissionsRequest {
1807    #[prost(message, optional, tag = "1")]
1808    pub consistency: ::core::option::Option<Consistency>,
1809    #[prost(string, tag = "2")]
1810    pub definition_name: ::prost::alloc::string::String,
1811    #[prost(string, tag = "3")]
1812    pub relation_name: ::prost::alloc::string::String,
1813    /// optional_definition_name_match is a prefix that is matched against the definition name(s)
1814    /// for the permissions returned.
1815    /// If not specified, will be ignored.
1816    #[prost(string, tag = "4")]
1817    pub optional_definition_name_filter: ::prost::alloc::string::String,
1818}
1819/// ReflectionRelationReference is a reference to a relation or permission in the schema.
1820#[derive(Clone, PartialEq, ::prost::Message)]
1821pub struct ReflectionRelationReference {
1822    #[prost(string, tag = "1")]
1823    pub definition_name: ::prost::alloc::string::String,
1824    #[prost(string, tag = "2")]
1825    pub relation_name: ::prost::alloc::string::String,
1826    #[prost(bool, tag = "3")]
1827    pub is_permission: bool,
1828}
1829#[derive(Clone, PartialEq, ::prost::Message)]
1830pub struct ComputablePermissionsResponse {
1831    #[prost(message, repeated, tag = "1")]
1832    pub permissions: ::prost::alloc::vec::Vec<ReflectionRelationReference>,
1833    /// read_at is the ZedToken at which the schema was read.
1834    #[prost(message, optional, tag = "2")]
1835    pub read_at: ::core::option::Option<ZedToken>,
1836}
1837#[derive(Clone, PartialEq, ::prost::Message)]
1838pub struct DependentRelationsRequest {
1839    #[prost(message, optional, tag = "1")]
1840    pub consistency: ::core::option::Option<Consistency>,
1841    #[prost(string, tag = "2")]
1842    pub definition_name: ::prost::alloc::string::String,
1843    #[prost(string, tag = "3")]
1844    pub permission_name: ::prost::alloc::string::String,
1845}
1846#[derive(Clone, PartialEq, ::prost::Message)]
1847pub struct DependentRelationsResponse {
1848    #[prost(message, repeated, tag = "1")]
1849    pub relations: ::prost::alloc::vec::Vec<ReflectionRelationReference>,
1850    /// read_at is the ZedToken at which the schema was read.
1851    #[prost(message, optional, tag = "2")]
1852    pub read_at: ::core::option::Option<ZedToken>,
1853}
1854#[derive(Clone, PartialEq, ::prost::Message)]
1855pub struct DiffSchemaRequest {
1856    #[prost(message, optional, tag = "1")]
1857    pub consistency: ::core::option::Option<Consistency>,
1858    #[prost(string, tag = "2")]
1859    pub comparison_schema: ::prost::alloc::string::String,
1860}
1861#[derive(Clone, PartialEq, ::prost::Message)]
1862pub struct DiffSchemaResponse {
1863    #[prost(message, repeated, tag = "1")]
1864    pub diffs: ::prost::alloc::vec::Vec<ReflectionSchemaDiff>,
1865    /// read_at is the ZedToken at which the schema was read.
1866    #[prost(message, optional, tag = "2")]
1867    pub read_at: ::core::option::Option<ZedToken>,
1868}
1869#[derive(Clone, PartialEq, ::prost::Message)]
1870pub struct ReflectionRelationSubjectTypeChange {
1871    #[prost(message, optional, tag = "1")]
1872    pub relation: ::core::option::Option<ReflectionRelation>,
1873    #[prost(message, optional, tag = "2")]
1874    pub changed_subject_type: ::core::option::Option<ReflectionTypeReference>,
1875}
1876#[derive(Clone, PartialEq, ::prost::Message)]
1877pub struct ReflectionCaveatParameterTypeChange {
1878    #[prost(message, optional, tag = "1")]
1879    pub parameter: ::core::option::Option<ReflectionCaveatParameter>,
1880    #[prost(string, tag = "2")]
1881    pub previous_type: ::prost::alloc::string::String,
1882}
1883/// ReflectionSchemaDiff is the representation of a diff between two schemas.
1884#[derive(Clone, PartialEq, ::prost::Message)]
1885pub struct ReflectionSchemaDiff {
1886    #[prost(
1887        oneof = "reflection_schema_diff::Diff",
1888        tags = "1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19"
1889    )]
1890    pub diff: ::core::option::Option<reflection_schema_diff::Diff>,
1891}
1892/// Nested message and enum types in `ReflectionSchemaDiff`.
1893pub mod reflection_schema_diff {
1894    #[derive(Clone, PartialEq, ::prost::Oneof)]
1895    pub enum Diff {
1896        #[prost(message, tag = "1")]
1897        DefinitionAdded(super::ReflectionDefinition),
1898        #[prost(message, tag = "2")]
1899        DefinitionRemoved(super::ReflectionDefinition),
1900        #[prost(message, tag = "3")]
1901        DefinitionDocCommentChanged(super::ReflectionDefinition),
1902        #[prost(message, tag = "4")]
1903        RelationAdded(super::ReflectionRelation),
1904        #[prost(message, tag = "5")]
1905        RelationRemoved(super::ReflectionRelation),
1906        #[prost(message, tag = "6")]
1907        RelationDocCommentChanged(super::ReflectionRelation),
1908        #[prost(message, tag = "7")]
1909        RelationSubjectTypeAdded(super::ReflectionRelationSubjectTypeChange),
1910        #[prost(message, tag = "8")]
1911        RelationSubjectTypeRemoved(super::ReflectionRelationSubjectTypeChange),
1912        #[prost(message, tag = "9")]
1913        PermissionAdded(super::ReflectionPermission),
1914        #[prost(message, tag = "10")]
1915        PermissionRemoved(super::ReflectionPermission),
1916        #[prost(message, tag = "11")]
1917        PermissionDocCommentChanged(super::ReflectionPermission),
1918        #[prost(message, tag = "12")]
1919        PermissionExprChanged(super::ReflectionPermission),
1920        #[prost(message, tag = "13")]
1921        CaveatAdded(super::ReflectionCaveat),
1922        #[prost(message, tag = "14")]
1923        CaveatRemoved(super::ReflectionCaveat),
1924        #[prost(message, tag = "15")]
1925        CaveatDocCommentChanged(super::ReflectionCaveat),
1926        #[prost(message, tag = "16")]
1927        CaveatExprChanged(super::ReflectionCaveat),
1928        #[prost(message, tag = "17")]
1929        CaveatParameterAdded(super::ReflectionCaveatParameter),
1930        #[prost(message, tag = "18")]
1931        CaveatParameterRemoved(super::ReflectionCaveatParameter),
1932        #[prost(message, tag = "19")]
1933        CaveatParameterTypeChanged(super::ReflectionCaveatParameterTypeChange),
1934    }
1935}
1936/// Generated client implementations.
1937pub mod schema_service_client {
1938    #![allow(
1939        unused_variables,
1940        dead_code,
1941        missing_docs,
1942        clippy::wildcard_imports,
1943        clippy::let_unit_value,
1944    )]
1945    use tonic::codegen::*;
1946    use tonic::codegen::http::Uri;
1947    /// SchemaService implements operations on a Permissions System's Schema.
1948    #[derive(Debug, Clone)]
1949    pub struct SchemaServiceClient<T> {
1950        inner: tonic::client::Grpc<T>,
1951    }
1952    impl SchemaServiceClient<tonic::transport::Channel> {
1953        /// Attempt to create a new client by connecting to a given endpoint.
1954        pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
1955        where
1956            D: TryInto<tonic::transport::Endpoint>,
1957            D::Error: Into<StdError>,
1958        {
1959            let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
1960            Ok(Self::new(conn))
1961        }
1962    }
1963    impl<T> SchemaServiceClient<T>
1964    where
1965        T: tonic::client::GrpcService<tonic::body::BoxBody>,
1966        T::Error: Into<StdError>,
1967        T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
1968        <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
1969    {
1970        pub fn new(inner: T) -> Self {
1971            let inner = tonic::client::Grpc::new(inner);
1972            Self { inner }
1973        }
1974        pub fn with_origin(inner: T, origin: Uri) -> Self {
1975            let inner = tonic::client::Grpc::with_origin(inner, origin);
1976            Self { inner }
1977        }
1978        pub fn with_interceptor<F>(
1979            inner: T,
1980            interceptor: F,
1981        ) -> SchemaServiceClient<InterceptedService<T, F>>
1982        where
1983            F: tonic::service::Interceptor,
1984            T::ResponseBody: Default,
1985            T: tonic::codegen::Service<
1986                http::Request<tonic::body::BoxBody>,
1987                Response = http::Response<
1988                    <T as tonic::client::GrpcService<tonic::body::BoxBody>>::ResponseBody,
1989                >,
1990            >,
1991            <T as tonic::codegen::Service<
1992                http::Request<tonic::body::BoxBody>,
1993            >>::Error: Into<StdError> + std::marker::Send + std::marker::Sync,
1994        {
1995            SchemaServiceClient::new(InterceptedService::new(inner, interceptor))
1996        }
1997        /// Compress requests with the given encoding.
1998        ///
1999        /// This requires the server to support it otherwise it might respond with an
2000        /// error.
2001        #[must_use]
2002        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
2003            self.inner = self.inner.send_compressed(encoding);
2004            self
2005        }
2006        /// Enable decompressing responses.
2007        #[must_use]
2008        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
2009            self.inner = self.inner.accept_compressed(encoding);
2010            self
2011        }
2012        /// Limits the maximum size of a decoded message.
2013        ///
2014        /// Default: `4MB`
2015        #[must_use]
2016        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
2017            self.inner = self.inner.max_decoding_message_size(limit);
2018            self
2019        }
2020        /// Limits the maximum size of an encoded message.
2021        ///
2022        /// Default: `usize::MAX`
2023        #[must_use]
2024        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
2025            self.inner = self.inner.max_encoding_message_size(limit);
2026            self
2027        }
2028        /// Read returns the current Object Definitions for a Permissions System.
2029        ///
2030        /// Errors include:
2031        /// - INVALID_ARGUMENT: a provided value has failed to semantically validate
2032        /// - NOT_FOUND: no schema has been defined
2033        pub async fn read_schema(
2034            &mut self,
2035            request: impl tonic::IntoRequest<super::ReadSchemaRequest>,
2036        ) -> std::result::Result<
2037            tonic::Response<super::ReadSchemaResponse>,
2038            tonic::Status,
2039        > {
2040            self.inner
2041                .ready()
2042                .await
2043                .map_err(|e| {
2044                    tonic::Status::unknown(
2045                        format!("Service was not ready: {}", e.into()),
2046                    )
2047                })?;
2048            let codec = tonic::codec::ProstCodec::default();
2049            let path = http::uri::PathAndQuery::from_static(
2050                "/authzed.api.v1.SchemaService/ReadSchema",
2051            );
2052            let mut req = request.into_request();
2053            req.extensions_mut()
2054                .insert(GrpcMethod::new("authzed.api.v1.SchemaService", "ReadSchema"));
2055            self.inner.unary(req, path, codec).await
2056        }
2057        /// Write overwrites the current Object Definitions for a Permissions System.
2058        pub async fn write_schema(
2059            &mut self,
2060            request: impl tonic::IntoRequest<super::WriteSchemaRequest>,
2061        ) -> std::result::Result<
2062            tonic::Response<super::WriteSchemaResponse>,
2063            tonic::Status,
2064        > {
2065            self.inner
2066                .ready()
2067                .await
2068                .map_err(|e| {
2069                    tonic::Status::unknown(
2070                        format!("Service was not ready: {}", e.into()),
2071                    )
2072                })?;
2073            let codec = tonic::codec::ProstCodec::default();
2074            let path = http::uri::PathAndQuery::from_static(
2075                "/authzed.api.v1.SchemaService/WriteSchema",
2076            );
2077            let mut req = request.into_request();
2078            req.extensions_mut()
2079                .insert(GrpcMethod::new("authzed.api.v1.SchemaService", "WriteSchema"));
2080            self.inner.unary(req, path, codec).await
2081        }
2082        /// ReflectSchema reflects the current schema stored in SpiceDB, returning a structural
2083        /// form of the schema for use by client tooling.
2084        pub async fn reflect_schema(
2085            &mut self,
2086            request: impl tonic::IntoRequest<super::ReflectSchemaRequest>,
2087        ) -> std::result::Result<
2088            tonic::Response<super::ReflectSchemaResponse>,
2089            tonic::Status,
2090        > {
2091            self.inner
2092                .ready()
2093                .await
2094                .map_err(|e| {
2095                    tonic::Status::unknown(
2096                        format!("Service was not ready: {}", e.into()),
2097                    )
2098                })?;
2099            let codec = tonic::codec::ProstCodec::default();
2100            let path = http::uri::PathAndQuery::from_static(
2101                "/authzed.api.v1.SchemaService/ReflectSchema",
2102            );
2103            let mut req = request.into_request();
2104            req.extensions_mut()
2105                .insert(
2106                    GrpcMethod::new("authzed.api.v1.SchemaService", "ReflectSchema"),
2107                );
2108            self.inner.unary(req, path, codec).await
2109        }
2110        /// ComputablePermissions returns the set of permissions that compute based off a relation
2111        /// in the current schema. For example, if the schema has a relation `viewer` and a permission
2112        /// `view` defined as `permission view = viewer + editor`, then the
2113        /// computable permissions for the relation `viewer` will include `view`.
2114        pub async fn computable_permissions(
2115            &mut self,
2116            request: impl tonic::IntoRequest<super::ComputablePermissionsRequest>,
2117        ) -> std::result::Result<
2118            tonic::Response<super::ComputablePermissionsResponse>,
2119            tonic::Status,
2120        > {
2121            self.inner
2122                .ready()
2123                .await
2124                .map_err(|e| {
2125                    tonic::Status::unknown(
2126                        format!("Service was not ready: {}", e.into()),
2127                    )
2128                })?;
2129            let codec = tonic::codec::ProstCodec::default();
2130            let path = http::uri::PathAndQuery::from_static(
2131                "/authzed.api.v1.SchemaService/ComputablePermissions",
2132            );
2133            let mut req = request.into_request();
2134            req.extensions_mut()
2135                .insert(
2136                    GrpcMethod::new(
2137                        "authzed.api.v1.SchemaService",
2138                        "ComputablePermissions",
2139                    ),
2140                );
2141            self.inner.unary(req, path, codec).await
2142        }
2143        /// DependentRelations returns the set of relations and permissions that used
2144        /// to compute a permission, recursively, in the current schema. It is the
2145        /// inverse of the ComputablePermissions API.
2146        pub async fn dependent_relations(
2147            &mut self,
2148            request: impl tonic::IntoRequest<super::DependentRelationsRequest>,
2149        ) -> std::result::Result<
2150            tonic::Response<super::DependentRelationsResponse>,
2151            tonic::Status,
2152        > {
2153            self.inner
2154                .ready()
2155                .await
2156                .map_err(|e| {
2157                    tonic::Status::unknown(
2158                        format!("Service was not ready: {}", e.into()),
2159                    )
2160                })?;
2161            let codec = tonic::codec::ProstCodec::default();
2162            let path = http::uri::PathAndQuery::from_static(
2163                "/authzed.api.v1.SchemaService/DependentRelations",
2164            );
2165            let mut req = request.into_request();
2166            req.extensions_mut()
2167                .insert(
2168                    GrpcMethod::new("authzed.api.v1.SchemaService", "DependentRelations"),
2169                );
2170            self.inner.unary(req, path, codec).await
2171        }
2172        /// DiffSchema returns the difference between the specified schema and the current
2173        /// schema stored in SpiceDB.
2174        pub async fn diff_schema(
2175            &mut self,
2176            request: impl tonic::IntoRequest<super::DiffSchemaRequest>,
2177        ) -> std::result::Result<
2178            tonic::Response<super::DiffSchemaResponse>,
2179            tonic::Status,
2180        > {
2181            self.inner
2182                .ready()
2183                .await
2184                .map_err(|e| {
2185                    tonic::Status::unknown(
2186                        format!("Service was not ready: {}", e.into()),
2187                    )
2188                })?;
2189            let codec = tonic::codec::ProstCodec::default();
2190            let path = http::uri::PathAndQuery::from_static(
2191                "/authzed.api.v1.SchemaService/DiffSchema",
2192            );
2193            let mut req = request.into_request();
2194            req.extensions_mut()
2195                .insert(GrpcMethod::new("authzed.api.v1.SchemaService", "DiffSchema"));
2196            self.inner.unary(req, path, codec).await
2197        }
2198    }
2199}
2200/// WatchRequest specifies what mutations to watch for, and an optional start point for when to start
2201/// watching.
2202#[derive(Clone, PartialEq, ::prost::Message)]
2203pub struct WatchRequest {
2204    /// optional_object_types is a filter of resource object types to watch for relationship changes.
2205    /// If specified, only changes to the specified object types will be returned and
2206    /// optional_relationship_filters cannot be used.
2207    #[prost(string, repeated, tag = "1")]
2208    pub optional_object_types: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
2209    /// optional_start_cursor is the ZedToken holding the point-in-time at
2210    /// which to start watching for changes.
2211    /// If not specified, the watch will start from the current SpiceDB revision time of the request ("head revision").
2212    /// Note that if this cursor references a point-in-time containing data
2213    /// that has been garbage collected, an error will be returned.
2214    #[prost(message, optional, tag = "2")]
2215    pub optional_start_cursor: ::core::option::Option<ZedToken>,
2216    /// optional_relationship_filters, if specified, indicates the
2217    /// filter(s) to apply to each relationship to be returned by watch.
2218    /// The relationship will be returned as long as at least one filter matches,
2219    /// this allows clients to match relationships on multiple filters on a single watch call.
2220    /// If specified, optional_object_types cannot be used.
2221    #[prost(message, repeated, tag = "3")]
2222    pub optional_relationship_filters: ::prost::alloc::vec::Vec<RelationshipFilter>,
2223    /// optional_update_kinds, if specified, indicates what kinds of mutations to include.
2224    /// If your SpiceDB instance is running behind a proxy that aborts idle connections,
2225    /// we recommend including Checkpoints to keep the stream alive even when there are no changes.
2226    #[prost(enumeration = "WatchKind", repeated, tag = "4")]
2227    pub optional_update_kinds: ::prost::alloc::vec::Vec<i32>,
2228}
2229/// WatchResponse contains all mutation events in ascending timestamp order.
2230/// This excludes relationships that were deleted because they expired.
2231/// The response includes a field that can be used to resume
2232/// watching from that point.
2233#[derive(Clone, PartialEq, ::prost::Message)]
2234pub struct WatchResponse {
2235    /// updates are the RelationshipUpdate events that have occurred since the
2236    /// call was made, or since the point in time specified by changes_through.
2237    #[prost(message, repeated, tag = "1")]
2238    pub updates: ::prost::alloc::vec::Vec<RelationshipUpdate>,
2239    /// changes_through is the ZedToken that represents the point in time
2240    /// that the watch response is current through. This token can be used
2241    /// in a subsequent WatchRequest to resume watching from this point.
2242    #[prost(message, optional, tag = "2")]
2243    pub changes_through: ::core::option::Option<ZedToken>,
2244    /// optional_transaction_metadata is an optional field that returns the transaction metadata
2245    /// given to SpiceDB during the transaction that produced the changes in this response.
2246    /// This field may not exist if no transaction metadata was provided, or if multiple pieces
2247    /// of metadata were found during the transaction (in which case it is ambiguous which to return).
2248    #[prost(message, optional, tag = "3")]
2249    pub optional_transaction_metadata: ::core::option::Option<::prost_types::Struct>,
2250    /// schema_updated, if true, indicates that the schema was changed in this revision.
2251    #[prost(bool, tag = "4")]
2252    pub schema_updated: bool,
2253    /// is_checkpoint, if true, indicates that a checkpoint was reached.
2254    /// A checkpoint indicates that the server guarantees that the client
2255    /// will not observe any changes at a revision below or equal to the revision in this response.
2256    #[prost(bool, tag = "5")]
2257    pub is_checkpoint: bool,
2258    /// full_revision_metadata contains all transaction metadata given to SpiceDB during the
2259    /// revision that produced the changes in this response. Some datastores (such as CockroachDB)
2260    /// can "merge" multiple transactions into a single revision (if the changes occurred concurrently),
2261    /// so this field is a list of all transaction metadata seen during the revision.
2262    #[prost(message, repeated, tag = "6")]
2263    pub full_revision_metadata: ::prost::alloc::vec::Vec<::prost_types::Struct>,
2264}
2265#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
2266#[repr(i32)]
2267pub enum WatchKind {
2268    /// Default, just relationship updates (for backwards compatibility)
2269    Unspecified = 0,
2270    IncludeRelationshipUpdates = 1,
2271    IncludeSchemaUpdates = 2,
2272    IncludeCheckpoints = 3,
2273}
2274impl WatchKind {
2275    /// String value of the enum field names used in the ProtoBuf definition.
2276    ///
2277    /// The values are not transformed in any way and thus are considered stable
2278    /// (if the ProtoBuf definition does not change) and safe for programmatic use.
2279    pub fn as_str_name(&self) -> &'static str {
2280        match self {
2281            Self::Unspecified => "WATCH_KIND_UNSPECIFIED",
2282            Self::IncludeRelationshipUpdates => "WATCH_KIND_INCLUDE_RELATIONSHIP_UPDATES",
2283            Self::IncludeSchemaUpdates => "WATCH_KIND_INCLUDE_SCHEMA_UPDATES",
2284            Self::IncludeCheckpoints => "WATCH_KIND_INCLUDE_CHECKPOINTS",
2285        }
2286    }
2287    /// Creates an enum from field names used in the ProtoBuf definition.
2288    pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
2289        match value {
2290            "WATCH_KIND_UNSPECIFIED" => Some(Self::Unspecified),
2291            "WATCH_KIND_INCLUDE_RELATIONSHIP_UPDATES" => {
2292                Some(Self::IncludeRelationshipUpdates)
2293            }
2294            "WATCH_KIND_INCLUDE_SCHEMA_UPDATES" => Some(Self::IncludeSchemaUpdates),
2295            "WATCH_KIND_INCLUDE_CHECKPOINTS" => Some(Self::IncludeCheckpoints),
2296            _ => None,
2297        }
2298    }
2299}
2300/// Generated client implementations.
2301pub mod watch_service_client {
2302    #![allow(
2303        unused_variables,
2304        dead_code,
2305        missing_docs,
2306        clippy::wildcard_imports,
2307        clippy::let_unit_value,
2308    )]
2309    use tonic::codegen::*;
2310    use tonic::codegen::http::Uri;
2311    #[derive(Debug, Clone)]
2312    pub struct WatchServiceClient<T> {
2313        inner: tonic::client::Grpc<T>,
2314    }
2315    impl WatchServiceClient<tonic::transport::Channel> {
2316        /// Attempt to create a new client by connecting to a given endpoint.
2317        pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
2318        where
2319            D: TryInto<tonic::transport::Endpoint>,
2320            D::Error: Into<StdError>,
2321        {
2322            let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
2323            Ok(Self::new(conn))
2324        }
2325    }
2326    impl<T> WatchServiceClient<T>
2327    where
2328        T: tonic::client::GrpcService<tonic::body::BoxBody>,
2329        T::Error: Into<StdError>,
2330        T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
2331        <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
2332    {
2333        pub fn new(inner: T) -> Self {
2334            let inner = tonic::client::Grpc::new(inner);
2335            Self { inner }
2336        }
2337        pub fn with_origin(inner: T, origin: Uri) -> Self {
2338            let inner = tonic::client::Grpc::with_origin(inner, origin);
2339            Self { inner }
2340        }
2341        pub fn with_interceptor<F>(
2342            inner: T,
2343            interceptor: F,
2344        ) -> WatchServiceClient<InterceptedService<T, F>>
2345        where
2346            F: tonic::service::Interceptor,
2347            T::ResponseBody: Default,
2348            T: tonic::codegen::Service<
2349                http::Request<tonic::body::BoxBody>,
2350                Response = http::Response<
2351                    <T as tonic::client::GrpcService<tonic::body::BoxBody>>::ResponseBody,
2352                >,
2353            >,
2354            <T as tonic::codegen::Service<
2355                http::Request<tonic::body::BoxBody>,
2356            >>::Error: Into<StdError> + std::marker::Send + std::marker::Sync,
2357        {
2358            WatchServiceClient::new(InterceptedService::new(inner, interceptor))
2359        }
2360        /// Compress requests with the given encoding.
2361        ///
2362        /// This requires the server to support it otherwise it might respond with an
2363        /// error.
2364        #[must_use]
2365        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
2366            self.inner = self.inner.send_compressed(encoding);
2367            self
2368        }
2369        /// Enable decompressing responses.
2370        #[must_use]
2371        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
2372            self.inner = self.inner.accept_compressed(encoding);
2373            self
2374        }
2375        /// Limits the maximum size of a decoded message.
2376        ///
2377        /// Default: `4MB`
2378        #[must_use]
2379        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
2380            self.inner = self.inner.max_decoding_message_size(limit);
2381            self
2382        }
2383        /// Limits the maximum size of an encoded message.
2384        ///
2385        /// Default: `usize::MAX`
2386        #[must_use]
2387        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
2388            self.inner = self.inner.max_encoding_message_size(limit);
2389            self
2390        }
2391        /// Watch returns a stream of events that occurred in the datastore in ascending timestamp order.
2392        /// The events can be relationship updates, schema updates, or checkpoints.
2393        pub async fn watch(
2394            &mut self,
2395            request: impl tonic::IntoRequest<super::WatchRequest>,
2396        ) -> std::result::Result<
2397            tonic::Response<tonic::codec::Streaming<super::WatchResponse>>,
2398            tonic::Status,
2399        > {
2400            self.inner
2401                .ready()
2402                .await
2403                .map_err(|e| {
2404                    tonic::Status::unknown(
2405                        format!("Service was not ready: {}", e.into()),
2406                    )
2407                })?;
2408            let codec = tonic::codec::ProstCodec::default();
2409            let path = http::uri::PathAndQuery::from_static(
2410                "/authzed.api.v1.WatchService/Watch",
2411            );
2412            let mut req = request.into_request();
2413            req.extensions_mut()
2414                .insert(GrpcMethod::new("authzed.api.v1.WatchService", "Watch"));
2415            self.inner.server_streaming(req, path, codec).await
2416        }
2417    }
2418}