
Commit ab196b3

committed
feat(authzen): add contextual tuples support
Signed-off-by: Blair Drummond <bdrummond@coreweave.com>
1 parent f153694 commit ab196b3

4 files changed

Lines changed: 1482 additions & 1172 deletions


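--- a/authzen/v1/authzen_service.proto
+++ b/authzen/v1/authzen_service.proto
@@ -5,6 +5,8 @@ package authzen.v1;
 import "google/api/annotations.proto";
 import "google/api/field_behavior.proto";
 import "google/protobuf/struct.proto";
+import "openfga/v1/openfga.proto";
+import "openfga/v1/openfga_service_consistency.proto";
 import "protoc-gen-openapiv2/options/annotations.proto";
 import "validate/validate.proto";
 
@@ -362,6 +364,18 @@ service AuthZenService {
 }
 }
 
+// Context provides typed fields for OpenFGA-specific values alongside arbitrary additional context.
+message Context {
+// OpenFGA consistency preference for this request
+optional openfga.v1.ConsistencyPreference consistency = 1 [json_name = "openfga.dev/consistency"];
+
+// Contextual tuples to use for this request
+optional openfga.v1.ContextualTupleKeys tuples = 2 [json_name = "openfga.dev/tuple_keys"];
+
+// Arbitrary additional context values (time, ip_address, etc.)
+optional google.protobuf.Struct data = 3;
+}
+
 message EvaluationRequest {
 string store_id = 1 [
 json_name = "store_id",
@@ -385,14 +399,14 @@ message EvaluationRequest {
 (google.api.field_behavior) = REQUIRED
 ];
 
-optional google.protobuf.Struct context = 5;
+optional Context context = 5;
 }
 
 message EvaluationsItemRequest {
 optional Subject subject = 1;
 optional Resource resource = 2;
 optional Action action = 3;
-optional google.protobuf.Struct context = 4;
+optional Context context = 4;
 }
 
 message Subject {
@@ -489,7 +503,7 @@ message Action {
 message EvaluationResponse {
 bool decision = 1;
 
-optional google.protobuf.Struct context = 2;
+optional Context context = 2;
 }
 
 message EvaluationsRequest {
@@ -503,7 +517,7 @@ message EvaluationsRequest {
 optional Subject subject = 2;
 optional Action action = 3;
 optional Resource resource = 4;
-optional google.protobuf.Struct context = 5;
+optional Context context = 5;
 // Optional. If omitted or empty, behaves like a single Access Evaluation request.
 repeated EvaluationsItemRequest evaluations = 6;
 
@@ -576,7 +590,7 @@ message SubjectSearchRequest {
 (google.api.field_behavior) = REQUIRED
 ];
 
-optional google.protobuf.Struct context = 5;
+optional Context context = 5;
 
 PageRequest page = 6;
 }
@@ -611,7 +625,7 @@ message ResourceSearchRequest {
 (google.api.field_behavior) = REQUIRED
 ];
 
-optional google.protobuf.Struct context = 5;
+optional Context context = 5;
 
 PageRequest page = 6;
 }
@@ -640,7 +654,7 @@ message ActionSearchRequest {
 (google.api.field_behavior) = REQUIRED
 ];
 
-optional google.protobuf.Struct context = 4;
+optional Context context = 4;
 
 PageRequest page = 5;
 }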
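Review bot: The comment on `Context.tuples` does not say that contextual tuples are authorization input: OpenFGA evaluates them as if they were in the store for that request, so whoever fills `context` can assert relationships that change the decision. I would state the trust assumption on the field, e.g. `// Contextual tuples, evaluated as if present in the store for this request only.` followed by `// They affect the decision: set them only from the trusted caller, never from end-user input.` No `(validate.rules)` is attached to `tuples` here even though the file imports validate.proto; whether `openfga.v1.ContextualTupleKeys` carries its own size limits is not visible in this diff and is worth confirming. The same `Context` type now also backs `EvaluationResponse.context` (the `-489,7` hunk), so the response schema exposes the request-only `consistency` and `tuples` fields; keeping `google.protobuf.Struct` there or adding a response-specific message would avoid that. Swapping `Struct` for `Context` on the existing field numbers also moves free-form keys under `data`, so unless the handlers in the other changed files translate the old shape, existing clients' context values may be dropped or rejected and a decision evaluated without them.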

docs/openapiv2/apidocs.swagger.json

Lines changed: 25 additions & 7 deletions
