openfga · jon-whit · Dec 1, 2023 · Dec 1, 2023
diff --git a/docs/openapiv2/apidocs.swagger.json b/docs/openapiv2/apidocs.swagger.json
diff --git a/openfga/v1/authzmodel.proto b/openfga/v1/authzmodel.proto
@@ -8,12 +8,14 @@ import "validate/validate.proto";
 
 message AuthorizationModel {
   string id = 1 [
-    (validate.rules).string = {pattern: "^[ABCDEFGHJKMNPQRSTVWXYZ0-9]{26}$"},
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {pattern: "^[ABCDEFGHJKMNPQRSTVWXYZ0-9]{26}$", ignore_empty: false},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {example: "\"01G5JAVJ41T49E9TT3SKVS7X1J\""}
   ];
 
   string schema_version = 2 [
     (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {pattern: "^[1-9].[1-9]$", ignore_empty: false},
     json_name = "schema_version"
   ];
 
@@ -26,13 +28,13 @@ message AuthorizationModel {
   map<string, Condition> conditions = 4 [
     json_name = "conditions",
     (validate.rules).map.max_pairs = 25,
-    (validate.rules).map.keys.string = {pattern: "^[^:#@\\s]{1,50}$"}
+    (validate.rules).map.keys.string = {pattern: "^[^:#@\\s]{1,50}$", ignore_empty: false}
   ];
 }
 
 message TypeDefinition {
   string type = 1 [
-    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$"},
+    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$", ignore_empty: false},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {example: "\"document\""}
   ];
@@ -47,7 +49,7 @@ message TypeDefinition {
 }
 
 message Relation {
-  string name = 1 [(validate.rules).string = {pattern: "^[^:#@\\s]{1,50}$"}];
+  string name = 1 [(validate.rules).string = {pattern: "^[^:#@\\s]{1,50}$", ignore_empty: false}];
 
   Userset rewrite = 2 [
     (validate.rules).message.required = true,
@@ -72,7 +74,7 @@ message RelationMetadata {
 // RelationReference represents a relation of a particular object type (e.g. 'document#viewer').
 message RelationReference {
   string type = 1 [
-    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$"},
+    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$", ignore_empty: false},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {example: "\"group\""}
   ];
@@ -96,7 +98,9 @@ message RelationReference {
 message Wildcard {}
 
 message Usersets {
-  repeated Userset child = 1 [(google.api.field_behavior) = REQUIRED];
+  repeated Userset child = 1 [
+    (google.api.field_behavior) = REQUIRED
+  ];
 }
 
 message Difference {
@@ -131,23 +135,36 @@ message ObjectRelation {
   string relation = 2 [(validate.rules).string = {max_bytes: 50}];
 }
 
+message ComputedUserset {
+  string relation = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {max_bytes: 50, ignore_empty: false}
+  ];
+}
+
 message TupleToUserset {
   // The target object/relation
-  ObjectRelation tupleset = 1 [(google.api.field_behavior) = REQUIRED];
-  ObjectRelation computed_userset = 2 [(google.api.field_behavior) = REQUIRED];
+  ObjectRelation tupleset = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).message.required = true
+  ];
+  ObjectRelation computed_userset = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).message.required = true
+  ];
 }
 
 message Condition {
   // A unique name for the condition
   string name = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (validate.rules).string = {pattern: "^[^:#@\\s]{1,50}$"}
+    (validate.rules).string = {pattern: "^[^:#@\\s]{1,50}$", ignore_empty: false}
   ];
 
   // A Google CEL expression, expressed as a string.
   string expression = 2 [
     (google.api.field_behavior) = REQUIRED,
-    (validate.rules).string = {max_bytes: 512}
+    (validate.rules).string = {max_bytes: 512, ignore_empty: false}
   ];
 
   // A map of parameter names to the parameter's defined type reference.

diff --git a/openfga/v1/openfga.proto b/openfga/v1/openfga.proto
@@ -15,21 +15,21 @@ import "validate/validate.proto";
 // See https://openfga.dev/docs/concepts#what-is-an-object
 message Object {
   string type = 1 [
-    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$"},
+    (validate.rules).string = {pattern: "^[^:#@\\s]{1,254}$", ignore_empty: false},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {example: "\"document\""}
   ];
 
   string id = 2 [
-    (validate.rules).string = {pattern: "[^#:\\s]+$"},
+    (validate.rules).string = {pattern: "[^#:\\s]+$", ignore_empty: false},
     (google.api.field_behavior) = REQUIRED
   ];
 }
 
 message RelationshipCondition {
   // A reference (by name) of the relationship condition defined in the authorization model.
   string name = 1 [
-    (validate.rules).string = {pattern: "^[^\\s]{2,256}$"},
+    (validate.rules).string = {pattern: "^[^\\s]{2,256}$", ignore_empty: false},
     (google.api.field_behavior) = REQUIRED,
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       max_length: 256,
@@ -40,7 +40,10 @@ message RelationshipCondition {
   // Additional context/data to persist along with the condition.
   // The keys must match the parameters defined by the condition, and the value types must
   // match the parameter type definitions.
-  google.protobuf.Struct context = 2 [(google.api.field_behavior) = REQUIRED];
+  google.protobuf.Struct context = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).message.required = true
+  ];
 }
 
 message TupleKeyWithoutCondition {
@@ -81,7 +84,7 @@ message TupleKeyWithoutCondition {
 message TupleKey {
   string user = 1 [
     (google.api.field_behavior) = REQUIRED,
-    (validate.rules).string = {max_bytes: 512},
+    (validate.rules).string = {max_bytes: 512, ignore_empty: false},
     (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
       max_length: 512,
       example: "\"user:anne\""
@@ -116,7 +119,10 @@ message TupleKey {
 }
 
 message Tuple {
-  TupleKey key = 1 [(google.api.field_behavior) = REQUIRED];
+  TupleKey key = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).message.required = true
+  ];
   google.protobuf.Timestamp timestamp = 2 [(google.api.field_behavior) = REQUIRED];
 }
 
@@ -156,25 +162,43 @@ message UsersetTree {
   }
 
   message Nodes {
-    repeated Node nodes = 1 [(google.api.field_behavior) = REQUIRED];
+    repeated Node nodes = 1  [
+      (google.api.field_behavior) = REQUIRED
+    ];
   }
 
   message Users {
-    repeated string users = 1 [(google.api.field_behavior) = REQUIRED];
+    repeated string users = 1 [
+      (google.api.field_behavior) = REQUIRED
+    ];
   }
 
   message Computed {
-    string userset = 1 [(google.api.field_behavior) = REQUIRED];
+    string userset = 1 [
+      (google.api.field_behavior) = REQUIRED,
+      (validate.rules).string = {ignore_empty: false}
+    ];
   }
 
   message TupleToUserset {
-    string tupleset = 1 [(google.api.field_behavior) = REQUIRED];
-    repeated Computed computed = 2 [(google.api.field_behavior) = REQUIRED];
+    string tupleset = 1 [
+      (google.api.field_behavior) = REQUIRED,
+      (validate.rules).string = {ignore_empty: false}
+    ];
+    repeated Computed computed = 2 [
+      (google.api.field_behavior) = REQUIRED
+    ];
   }
 
   message Difference {
-    Node base = 1 [(google.api.field_behavior) = REQUIRED];
-    Node subtract = 2 [(google.api.field_behavior) = REQUIRED];
+    Node base = 1 [
+      (google.api.field_behavior) = REQUIRED,
+      (validate.rules).message.required = true
+    ];
+    Node subtract = 2 [
+      (google.api.field_behavior) = REQUIRED,
+      (validate.rules).message.required = true
+    ];
   }
 
   message Node {
@@ -199,7 +223,8 @@ enum TupleOperation {
 message TupleChange {
   TupleKey tuple_key = 1 [
     json_name = "tuple_key",
-    (google.api.field_behavior) = REQUIRED
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).message.required = true
   ];
   TupleOperation operation = 2 [
     (validate.rules).enum.defined_only = true,
@@ -209,8 +234,14 @@ message TupleChange {
 }
 
 message Store {
-  string id = 1 [(google.api.field_behavior) = REQUIRED];
-  string name = 2 [(google.api.field_behavior) = REQUIRED];
+  string id = 1 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {ignore_empty: false}
+  ];
+  string name = 2 [
+    (google.api.field_behavior) = REQUIRED,
+    (validate.rules).string = {ignore_empty: false}
+  ];
   google.protobuf.Timestamp created_at = 3 [
     json_name = "created_at",
     (google.api.field_behavior) = REQUIRED