forked from biscuit-auth/biscuit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
schema.proto
169 lines (138 loc) · 2.84 KB
/
schema.proto
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
syntax = "proto2";
package biscuit.format.schema;
message Biscuit {
required bytes authority = 1;
repeated bytes blocks = 2;
repeated bytes keys = 3;
required Signature signature = 4;
}
message SealedBiscuit {
required bytes authority = 1;
repeated bytes blocks = 2;
required bytes signature = 3;
}
message Signature {
repeated bytes parameters = 1;
required bytes z = 2;
}
message Block {
required uint32 index = 1;
repeated string symbols = 2;
repeated Fact facts = 3;
repeated Rule rules = 4;
repeated Caveat caveats = 5;
optional string context = 6;
}
message Fact {
required Predicate predicate = 1;
}
message Rule {
required Predicate head = 1;
repeated Predicate body = 2;
repeated Constraint constraints = 3;
}
message Caveat {
repeated Rule queries = 1;
}
message Predicate {
required uint64 name = 1;
repeated ID ids = 2;
}
message ID {
enum Kind {
SYMBOL = 0;
VARIABLE = 1;
INTEGER = 2;
STR = 3;
DATE = 4;
BYTES = 5;
}
required Kind kind = 1;
optional uint64 symbol = 2;
optional uint32 variable = 3;
optional int64 integer = 4;
optional string str = 5;
optional uint64 date = 6;
optional bytes bytes = 7;
}
message Constraint {
required uint32 id = 1;
enum Kind {
INT = 0;
STRING = 1;
DATE = 2;
SYMBOL = 3;
BYTES = 4;
}
required Kind kind = 2;
optional IntConstraint int = 3;
optional StringConstraint str = 4;
optional DateConstraint date = 5;
optional SymbolConstraint symbol = 6;
optional BytesConstraint bytes = 7;
}
message IntConstraint {
enum Kind {
LOWER = 0;
LARGER = 1;
LOWER_OR_EQUAL = 2;
LARGER_OR_EQUAL = 3;
EQUAL = 4;
IN = 5;
NOT_IN = 6;
}
required Kind kind = 1;
optional int64 lower = 2;
optional int64 larger = 3;
optional int64 lower_or_equal = 4;
optional int64 larger_or_equal = 5;
optional int64 equal = 6;
repeated int64 in_set = 7 [packed=true];
repeated int64 not_in_set = 8 [packed=true];
}
message StringConstraint {
enum Kind {
PREFIX = 0;
SUFFIX = 1;
EQUAL = 2;
IN = 3;
NOT_IN = 4;
REGEX = 5;
}
required Kind kind = 1;
optional string prefix = 2;
optional string suffix = 3;
optional string equal = 4;
repeated string in_set = 5;
repeated string not_in_set = 6;
optional string regex = 7;
}
message DateConstraint {
enum Kind {
BEFORE = 0;
AFTER = 1;
}
required Kind kind = 1;
optional uint64 before = 2;
optional uint64 after = 3;
}
message SymbolConstraint {
enum Kind {
IN = 0;
NOT_IN = 1;
}
required Kind kind = 1;
repeated uint64 in_set = 2;
repeated uint64 not_in_set = 3;
}
message BytesConstraint {
enum Kind {
EQUAL = 0;
IN = 1;
NOT_IN = 2;
}
required Kind kind = 1;
optional bytes equal = 2;
repeated bytes in_set = 3;
repeated bytes not_in_set = 4;
}