Merge pull request #125 from josephschorr/rel-expiration-api

Add support for relationship expiration in the API

Author: josephschorr

authzed/api/v1/core.proto

@@ -6,6 +6,7 @@ option java_package = "com.authzed.api.v1";
 option java_multiple_files = true;
 
 import "google/protobuf/struct.proto";
+import "google/protobuf/timestamp.proto";
 import "validate/validate.proto";
 
 // Relationship specifies how a resource relates to a subject. Relationships
@@ -24,8 +25,11 @@ message Relationship {
   // subject is the subject to which the resource is related, in some manner.
   SubjectReference subject = 3 [ (validate.rules).message.required = true ];
 
-  // optional_caveat is a reference to a the caveat that must be enforced over the relationship
+  // optional_caveat is a reference to a the caveat that must be enforced over the relationship.
   ContextualizedCaveat optional_caveat = 4 [ (validate.rules).message.required = false ];
+
+  // optional_expires_at is the time at which the relationship expires, if any.
+  google.protobuf.Timestamp optional_expires_at = 5;
 }
 
 // ContextualizedCaveat represents a reference to a caveat to be used by caveated relationships.

authzed/api/v1/debug.proto

@@ -5,6 +5,7 @@ import "authzed/api/v1/core.proto";
 import "validate/validate.proto";
 import "google/protobuf/struct.proto";
 import "google/protobuf/duration.proto";
+import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/authzed/authzed-go/proto/authzed/api/v1";
 option java_package = "com.authzed.api.v1";
@@ -77,6 +78,10 @@ message CheckDebugTrace {
     // and a permissionship of PERMISSIONSHIP_HAS_PERMISSION indicates the subject was found within this relation.
     SubProblems sub_problems = 7;
   }
+
+  // optional_expires_at is the time at which at least one of the relationships used to
+  // compute this result, expires (if any). This is *not* related to the caching window.
+  google.protobuf.Timestamp optional_expires_at = 10;
 }
 
 // CaveatEvalInfo holds information about a caveat expression that was evaluated.

authzed/api/v1/permission_service.proto

@@ -8,6 +8,7 @@ option java_multiple_files = true;
 import "google/protobuf/struct.proto";
 import "google/api/annotations.proto";
 import "google/rpc/status.proto";
+import "google/protobuf/timestamp.proto";
 import "validate/validate.proto";
 
 import "authzed/api/v1/core.proto";
@@ -405,6 +406,10 @@ message CheckPermissionResponse {
 
   // debug_trace is the debugging trace of this check, if requested.
   DebugInformation debug_trace = 4;
+
+  // optional_expires_at is the time at which at least one of the relationships used to
+  // compute this result, expires (if any). This is *not* related to the caching window.
+  google.protobuf.Timestamp optional_expires_at = 5;
 }
 
 // CheckBulkPermissionsRequest issues a check on whether a subject has permission