This repository has been archived by the owner on Feb 9, 2023. It is now read-only.
forked from biscuit-auth/biscuit-java
-
Notifications
You must be signed in to change notification settings - Fork 0
/
schema.proto
143 lines (119 loc) · 2.23 KB
/
schema.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
syntax = "proto2";
package biscuit.format.schema;
message Biscuit {
optional uint32 rootKeyId = 1;
required SignedBlock authority = 2;
repeated SignedBlock blocks = 3;
required Proof proof = 4;
}
message SignedBlock {
required bytes block = 1;
required PublicKey nextKey = 2;
required bytes signature = 3;
}
message PublicKey {
required Algorithm algorithm = 1;
enum Algorithm {
Ed25519 = 0;
}
required bytes key = 2;
}
message Proof {
oneof Content {
bytes nextSecret = 1;
bytes finalSignature = 2;
}
}
message Block {
repeated string symbols = 1;
optional string context = 2;
optional uint32 version = 3;
repeated FactV2 facts_v2 = 4;
repeated RuleV2 rules_v2 = 5;
repeated CheckV2 checks_v2 = 6;
}
message FactV2 {
required PredicateV2 predicate = 1;
}
message RuleV2 {
required PredicateV2 head = 1;
repeated PredicateV2 body = 2;
repeated ExpressionV2 expressions = 3;
}
message CheckV2 {
repeated RuleV2 queries = 1;
}
message PredicateV2 {
required uint64 name = 1;
repeated TermV2 terms = 2;
}
message TermV2 {
oneof Content {
uint32 variable = 1;
int64 integer = 2;
uint64 string = 3;
uint64 date = 4;
bytes bytes = 5;
bool bool = 6;
TermSet set = 7;
}
}
message TermSet {
repeated TermV2 set = 1;
}
message ExpressionV2 {
repeated Op ops = 1;
}
message Op {
oneof Content {
TermV2 value = 1;
OpUnary unary = 2;
OpBinary Binary = 3;
}
}
message OpUnary {
enum Kind {
Negate = 0;
Parens = 1;
Length = 2;
}
required Kind kind = 1;
}
message OpBinary {
enum Kind {
LessThan = 0;
GreaterThan = 1;
LessOrEqual = 2;
GreaterOrEqual = 3;
Equal = 4;
Contains = 5;
Prefix = 6;
Suffix = 7;
Regex = 8;
Add = 9;
Sub = 10;
Mul = 11;
Div = 12;
And = 13;
Or = 14;
Intersection = 15;
Union = 16;
}
required Kind kind = 1;
}
message Policy {
enum Kind {
Allow = 0;
Deny = 1;
}
repeated RuleV2 queries = 1;
required Kind kind = 2;
}
message AuthorizerPolicies {
repeated string symbols = 1;
optional uint32 version = 2;
repeated FactV2 facts = 3;
repeated RuleV2 rules = 4;
repeated CheckV2 checks = 5;
repeated Policy policies = 6;
}