@elizabethhealy elizabethhealy commented Oct 2, 2025

Regen the connectrpc code with the latest protos
Includes the addition of authorization v2, ers v2, and obligations

@elizabethhealy elizabethhealy requested a review from a team as a code owner October 2, 2025 15:58
@elizabethhealy elizabethhealy changed the title from "feat(main): Update to the latest service protos" to "feat(sdk): Update to the latest service protos" Oct 2, 2025
Summary of Changes

Hello @elizabethhealy, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly updates the service protobufs, primarily by introducing a new, more robust authorization service (v2) and a comprehensive obligations service. It also includes substantial refactoring and deprecation of older key access server (KAS) related fields, moving towards a more explicit 'kas_keys' model and adding new key mapping capabilities. Key provider configurations are enhanced with a 'manager' field for better categorization and filtering. These changes aim to improve the clarity, functionality, and maintainability of the platform's policy and security infrastructure.

Highlights

  • Authorization v2: Introduced a new version of the authorization service (v2) with new protobuf messages and services for handling authorization decisions and entitlements. This includes new entity and entity resolution protos to support the updated authorization model.
  • Obligations Service: Added a new Obligations service and associated protobuf messages for managing obligations, obligation values, and triggers, enhancing policy enforcement capabilities.
  • Key Access Server (KAS) Refactoring and Deprecations: Refactored KAS-related fields across various policy objects, deprecating older 'grants' fields in favor of 'kas_keys'. Several RPCs and messages related to KAS grants and legacy public keys have been explicitly marked as deprecated.
  • Key Mapping Functionality: Introduced new key mapping functionality within the KAS registry, allowing for better management and listing of how keys are mapped to policy objects.
  • Key Provider Configuration Enhancements: Added a 'manager' field to key provider configurations, allowing for specification and filtering by the type of key manager (e.g., AWS, GCP, Azure).
  • Unsafe Operations Clarification: Updated the 'UnsafeDeleteKasKeyRequest' to require specific key identifiers (kid, kas_uri) and added a warning about the impact of deleting keys.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a significant update to the SDK by regenerating the connectrpc code from the latest service protos. The changes include the addition of new services like authorization v2, entity resolution v2, and obligations, which is a substantial feature enhancement. The PR also thoughtfully deprecates older APIs, such as KAS-level grants, in favor of more granular and secure key-level grants, and provides clear deprecation notices. The introduction of additional checks in 'unsafe' APIs, like for key deletion, is a welcome safety improvement. My review found the changes to be consistent and well-structured. I have one suggestion to further improve the documentation for a critical 'unsafe' operation to enhance developer experience and prevent potential misuse.

@eugenioenko eugenioenko left a comment

Hi @elizabethhealy, the generated stubs look great!

For the client stubs to become available in the SDK, we need to create a client for them.

this.v1 = {

Basically, we need something similar to this:

import { AuthorizationService as AuthorizationServiceV2 } from './platform/authorization/v2/authorization_pb.js';

this.v2 = {
   // use the aliased v2 service imported above
   authorization: createClient(AuthorizationServiceV2, transport),
}

@elizabethhealy elizabethhealy marked this pull request as draft October 2, 2025 16:54