Merge pull request #125 from josephschorr/rel-expiration-api

Add support for relationship expiration in the API
authzed · Nov 26, 2024 · 0aa4ec4 · 0aa4ec4
2 parents d80b0c6 + 8c4ebbf
commit 0aa4ec4
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/authzed/api/v1/core.proto b/authzed/api/v1/core.proto
@@ -6,6 +6,7 @@ option java_package = "com.authzed.api.v1";
 option java_multiple_files = true;
 
 import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
 import "validate/validate.proto";
 
 // Relationship specifies how a resource relates to a subject. Relationships
@@ -24,8 +25,11 @@ message Relationship {
   // subject is the subject to which the resource is related, in some manner.
   SubjectReference subject = 3 [ (validate.rules).message.required = true ];
 
-  // optional_caveat is a reference to a the caveat that must be enforced over the relationship
+  // optional_caveat is a reference to a the caveat that must be enforced over the relationship.
   ContextualizedCaveat optional_caveat = 4 [ (validate.rules).message.required = false ];
+
+  // optional_expires_at is the time at which the relationship expires, if any.
+  google.protobuf.Timestamp optional_expires_at = 5;
 }
 
 // ContextualizedCaveat represents a reference to a caveat to be used by caveated relationships.

diff --git a/authzed/api/v1/debug.proto b/authzed/api/v1/debug.proto
@@ -5,6 +5,7 @@ import "authzed/api/v1/core.proto";
 import "validate/validate.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v1";
 option java_package = "com.authzed.api.v1";
@@ -77,6 +78,10 @@ message CheckDebugTrace {
     // and a permissionship of PERMISSIONSHIP_HAS_PERMISSION indicates the subject was found within this relation.
     SubProblems sub_problems = 7;
   }
+
+  // optional_expires_at is the time at which at least one of the relationships used to
+  // compute this result, expires (if any). This is *not* related to the caching window.
+  google.protobuf.Timestamp optional_expires_at = 10;
 }
 
 // CaveatEvalInfo holds information about a caveat expression that was evaluated.

diff --git a/authzed/api/v1/permission_service.proto b/authzed/api/v1/permission_service.proto
@@ -8,6 +8,7 @@ option java_multiple_files = true;
 import "google/protobuf/struct.proto";
 import "google/api/annotations.proto";
 import "google/rpc/status.proto";
+import "google/protobuf/timestamp.proto";
 import "validate/validate.proto";
 
 import "authzed/api/v1/core.proto";
@@ -405,6 +406,10 @@ message CheckPermissionResponse {
 
   // debug_trace is the debugging trace of this check, if requested.
   DebugInformation debug_trace = 4;
+
+  // optional_expires_at is the time at which at least one of the relationships used to
+  // compute this result, expires (if any). This is *not* related to the caching window.
+  google.protobuf.Timestamp optional_expires_at = 5;
 }
 
 // CheckBulkPermissionsRequest issues a check on whether a subject has permission