// Code generated by protoc-gen-ts_proto. DO NOT EDIT.
// source: cerbos/policy/v1/policy.proto

/* eslint-disable */
import { type Effect } from "../../effect/v1/effect";

export const protobufPackage = "cerbos.policy.v1";

export enum ScopePermissions {
  SCOPE_PERMISSIONS_UNSPECIFIED = 0,
  SCOPE_PERMISSIONS_OVERRIDE_PARENT = 1,
  SCOPE_PERMISSIONS_REQUIRE_PARENTAL_CONSENT_FOR_ALLOWS = 2,
}

export interface Policy {
  apiVersion: string;
  disabled: boolean;
  description: string;
  metadata: Metadata | undefined;
  policyType?:
    | { $case: "resourcePolicy"; resourcePolicy: ResourcePolicy }
    | { $case: "principalPolicy"; principalPolicy: PrincipalPolicy }
    | { $case: "derivedRoles"; derivedRoles: DerivedRoles }
    | { $case: "exportVariables"; exportVariables: ExportVariables }
    | { $case: "rolePolicy"; rolePolicy: RolePolicy }
    | { $case: "exportConstants"; exportConstants: ExportConstants }
    | undefined;
  variables: { [key: string]: string };
  jsonSchema: string;
}

export interface Policy_VariablesEntry {
  key: string;
  value: string;
}

export interface SourceAttributes {
  attributes: { [key: string]: any | undefined };
}

export interface SourceAttributes_AttributesEntry {
  key: string;
  value: any | undefined;
}

export interface Metadata {
  sourceFile: string;
  annotations: { [key: string]: string };
  hash: string | undefined;
  storeIdentifer: string;
  storeIdentifier: string;
  sourceAttributes: SourceAttributes | undefined;
}

export interface Metadata_AnnotationsEntry {
  key: string;
  value: string;
}

export interface ResourcePolicy {
  resource: string;
  version: string;
  importDerivedRoles: string[];
  rules: ResourceRule[];
  scope: string;
  schemas: Schemas | undefined;
  variables: Variables | undefined;
  scopePermissions: ScopePermissions;
  constants: Constants | undefined;
}

export interface ResourceRule {
  actions: string[];
  derivedRoles: string[];
  roles: string[];
  condition: Condition | undefined;
  effect: Effect;
  name: string;
  output: Output | undefined;
}

export interface RolePolicy {
  policyType?: { $case: "role"; role: string } | undefined;
  parentRoles: string[];
  scope: string;
  rules: RoleRule[];
  scopePermissions: ScopePermissions;
}

export interface RoleRule {
  resource: string;
  allowActions: string[];
  condition: Condition | undefined;
}

export interface PrincipalPolicy {
  principal: string;
  version: string;
  rules: PrincipalRule[];
  scope: string;
  variables: Variables | undefined;
  scopePermissions: ScopePermissions;
  constants: Constants | undefined;
}

export interface PrincipalRule {
  resource: string;
  actions: PrincipalRule_Action[];
}

export interface PrincipalRule_Action {
  action: string;
  condition: Condition | undefined;
  effect: Effect;
  name: string;
  output: Output | undefined;
}

export interface DerivedRoles {
  name: string;
  definitions: RoleDef[];
  variables: Variables | undefined;
  constants: Constants | undefined;
}

export interface RoleDef {
  name: string;
  parentRoles: string[];
  condition: Condition | undefined;
}

export interface ExportConstants {
  name: string;
  definitions: { [key: string]: any | undefined };
}

export interface ExportConstants_DefinitionsEntry {
  key: string;
  value: any | undefined;
}

export interface Constants {
  import: string[];
  local: { [key: string]: any | undefined };
}

export interface Constants_LocalEntry {
  key: string;
  value: any | undefined;
}

export interface ExportVariables {
  name: string;
  definitions: { [key: string]: string };
}

export interface ExportVariables_DefinitionsEntry {
  key: string;
  value: string;
}

export interface Variables {
  import: string[];
  local: { [key: string]: string };
}

export interface Variables_LocalEntry {
  key: string;
  value: string;
}

export interface Condition {
  condition?:
    | { $case: "match"; match: Match }
    | { $case: "script"; script: string }
    | undefined;
}

export interface Match {
  op?:
    | { $case: "all"; all: Match_ExprList }
    | { $case: "any"; any: Match_ExprList }
    | { $case: "none"; none: Match_ExprList }
    | { $case: "expr"; expr: string }
    | undefined;
}

export interface Match_ExprList {
  of: Match[];
}

export interface Output {
  expr: string;
  when: Output_When | undefined;
}

export interface Output_When {
  ruleActivated: string;
  conditionNotMet: string;
}

export interface Schemas {
  principalSchema: Schemas_Schema | undefined;
  resourceSchema: Schemas_Schema | undefined;
}

export interface Schemas_IgnoreWhen {
  actions: string[];
}

export interface Schemas_Schema {
  ref: string;
  ignoreWhen: Schemas_IgnoreWhen | undefined;
}