chore(deps): bump go.einride.tech/sage from 0.270.1 to 0.273.1 in /.sage

Bumps [go.einride.tech/sage](https://github.com/einride/sage) from 0.270.1 to 0.273.1.
- [Release notes](https://github.com/einride/sage/releases)
- [Commits](einride/sage@v0.270.1...v0.273.1)

---
updated-dependencies:
- dependency-name: go.einride.tech/sage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.sage/go.mod

@@ -2,4 +2,4 @@ module sage
 
 go 1.17
 
-require go.einride.tech/sage v0.270.1
+require go.einride.tech/sage v0.273.1

.sage/go.sum

@@ -1,2 +1,2 @@
-go.einride.tech/sage v0.270.1 h1:SxgNHhIuXPvenZzpQY6rpbdsqA7zKWFUxTzisTH4j9E=
-go.einride.tech/sage v0.270.1/go.mod h1:EzV5uciFX7/2ho8EKB5K9JghOfXIxlzs694b+Tkl5GQ=
+go.einride.tech/sage v0.273.1 h1:OWxLKJ/B3jibwUYpvGRk0LrUhnzQXInImd9Z+2/DsHQ=
+go.einride.tech/sage v0.273.1/go.mod h1:EzV5uciFX7/2ho8EKB5K9JghOfXIxlzs694b+Tkl5GQ=

cmd/example-server/server.go

@@ -32,7 +32,7 @@ func newServer(spannerClient *spanner.Client) (*iamexample.Authorization, error)
 	}
 	iamServer, err := iamspanner.NewIAMServer(
 		spannerClient,
-		iamDescriptor.PredefinedRoles.Role,
+		iamDescriptor.PredefinedRoles.GetRole(),
 		iamcaller.FromContextResolver(),
 		iamspanner.ServerConfig{
 			ErrorHook: func(_ context.Context, err error) {
@@ -159,6 +159,6 @@ func (googleIdentityTokenCallerResolver) ResolveCaller(ctx context.Context) (*ia
 		}
 		iamcaller.Add(&result, authorizationKey, &metadata)
 	}
-	log.Printf("[IAM]\t%v %v", result.Members, result.Metadata)
+	log.Printf("[IAM]\t%v %v", result.GetMembers(), result.GetMetadata())
 	return &result, nil
 }

cmd/example-server/spanner.go

@@ -69,5 +69,5 @@ func newSpannerDatabase(ctx context.Context, conn *grpc.ClientConn) (*spanner.Cl
 		return nil, err
 	}
 	log.Println("created", createdDatabase)
-	return spanner.NewClient(ctx, createdDatabase.Name, option.WithGRPCConn(conn))
+	return spanner.NewClient(ctx, createdDatabase.GetName(), option.WithGRPCConn(conn))
 }

cmd/protoc-gen-go-iam/internal/geniam/authorization.go

@@ -170,7 +170,7 @@ func (c authorizationCodeGenerator) generateLongRunningOperationMethod(
 	g.P("ctx ", contextContext, ",")
 	g.P("request *", request, ",")
 	g.P(") (*", response, ", error) {")
-	switch options.Strategy.(type) {
+	switch options.GetStrategy().(type) {
 	case *iamv1.LongRunningOperationsAuthorizationOptions_None:
 		authorize := g.QualifiedGoIdent(protogen.GoIdent{
 			GoImportPath: "go.einride.tech/iam/iamauthz",

iamannotations/longrunningoperationsauthorization.go

@@ -17,7 +17,7 @@ func ResolveLongRunningOperationsAuthorizationOptions(
 	startPackage protoreflect.FullName,
 ) (*iamv1.LongRunningOperationsAuthorizationOptions, error) {
 	result := proto.Clone(options).(*iamv1.LongRunningOperationsAuthorizationOptions)
-	for _, operationPermissions := range result.OperationPermissions {
+	for _, operationPermissions := range result.GetOperationPermissions() {
 		operation, ok := resolveResource(files, startPackage, operationPermissions.GetOperation().GetType())
 		if !ok {
 			return nil, fmt.Errorf(
@@ -26,7 +26,7 @@ func ResolveLongRunningOperationsAuthorizationOptions(
 				operationPermissions.GetOperation().GetType(),
 			)
 		}
-		operationPermissions.Operation.Pattern = append(operationPermissions.Operation.Pattern, operation.Pattern...)
+		operationPermissions.Operation.Pattern = append(operationPermissions.Operation.Pattern, operation.GetPattern()...)
 	}
 	return result, nil
 }

iamannotations/methodauthorization.go

@@ -18,7 +18,7 @@ func ResolveMethodAuthorizationOptions(
 	startPackage protoreflect.FullName,
 ) (*iamv1.MethodAuthorizationOptions, error) {
 	result := proto.Clone(options).(*iamv1.MethodAuthorizationOptions)
-	if permissions, ok := result.Permissions.(*iamv1.MethodAuthorizationOptions_ResourcePermissions); ok {
+	if permissions, ok := result.GetPermissions().(*iamv1.MethodAuthorizationOptions_ResourcePermissions); ok {
 		for _, resourcePermission := range permissions.ResourcePermissions.GetResourcePermission() {
 			switch {
 			case resourcePermission.GetResource().GetType() == iamresource.Root:
@@ -34,14 +34,14 @@ func ResolveMethodAuthorizationOptions(
 						resourcePermission.GetResource().GetType(),
 					)
 				}
-				if len(resource.Pattern) == 0 {
+				if len(resource.GetPattern()) == 0 {
 					return nil, fmt.Errorf(
 						"resolve method authorization options in '%s': resource '%s' has no patterns",
 						resourcePermission.GetResource().GetType(),
 						startPackage,
 					)
 				}
-				resourcePermission.Resource.Pattern = append(resourcePermission.Resource.Pattern, resource.Pattern...)
+				resourcePermission.Resource.Pattern = append(resourcePermission.Resource.Pattern, resource.GetPattern()...)
 			}
 		}
 	}

iamannotations/resolveresource.go

@@ -20,7 +20,7 @@ func resolveResource(
 			if resource := proto.GetExtension(
 				message.Options(), annotations.E_Resource,
 			).(*annotations.ResourceDescriptor); resource != nil {
-				if resource.Type == resourceType {
+				if resource.GetType() == resourceType {
 					result = resource
 					return false
 				}
@@ -36,7 +36,7 @@ func resolveResource(
 		for _, resource := range proto.GetExtension(
 			file.Options(), annotations.E_ResourceDefinition,
 		).([]*annotations.ResourceDescriptor) {
-			if resource.Type == resourceType {
+			if resource.GetType() == resourceType {
 				result = resource
 				return false
 			}

iamannotations/validate.go

@@ -18,12 +18,12 @@ import (
 // ValidatePredefinedRoles validates a set of predefined roles.
 func ValidatePredefinedRoles(roles *iamv1.PredefinedRoles) error {
 	var result validation.MessageValidator
-	roleNames := make(map[string]struct{}, len(roles.Role))
-	for i, role := range roles.Role {
-		if _, ok := roleNames[role.Name]; ok {
+	roleNames := make(map[string]struct{}, len(roles.GetRole()))
+	for i, role := range roles.GetRole() {
+		if _, ok := roleNames[role.GetName()]; ok {
 			result.AddFieldViolation(fmt.Sprintf("role[%d].name", i), "name must be unique among all predefined roles")
 		} else {
-			roleNames[role.Name] = struct{}{}
+			roleNames[role.GetName()] = struct{}{}
 		}
 		if err := iamrole.Validate(role); err != nil {
 			result.AddFieldError(fmt.Sprintf("role[%d]", i), err)
@@ -38,7 +38,7 @@ func ValidateMethodAuthorizationOptions(
 	files *protoregistry.Files,
 ) error {
 	var result validation.MessageValidator
-	switch permissions := methodAuthorization.Permissions.(type) {
+	switch permissions := methodAuthorization.GetPermissions().(type) {
 	case *iamv1.MethodAuthorizationOptions_Permission:
 		if err := iampermission.Validate(permissions.Permission); err != nil {
 			result.AddFieldError("permission", err)
@@ -54,7 +54,7 @@ func ValidateMethodAuthorizationOptions(
 			result.AddFieldViolation("permissions", "one of (permission|resource_permissions) must be specified")
 		}
 	}
-	switch strategy := methodAuthorization.Strategy.(type) {
+	switch strategy := methodAuthorization.GetStrategy().(type) {
 	case *iamv1.MethodAuthorizationOptions_Before:
 		if err := validateBeforeStrategy(strategy, method); err != nil {
 			result.AddFieldError("before", err)
@@ -148,7 +148,7 @@ func validateResourcePermissions(
 			}
 		default:
 			if resource, ok := resolveResource(files, startPackage, resourcePermission.GetResource().GetType()); ok {
-				if len(resource.Pattern) == 0 {
+				if len(resource.GetPattern()) == 0 {
 					result.AddFieldViolation(
 						fmt.Sprintf("resource_permission[%d].resource.type", i),
 						"resolved resource '%s' has no patterns",
@@ -172,7 +172,7 @@ func ValidateLongRunningOperationsAuthorization(
 	options *iamv1.LongRunningOperationsAuthorizationOptions,
 ) error {
 	var result validation.MessageValidator
-	switch strategy := options.Strategy.(type) {
+	switch strategy := options.GetStrategy().(type) {
 	case *iamv1.LongRunningOperationsAuthorizationOptions_Before:
 		if !strategy.Before {
 			result.AddFieldViolation("before", "must be true")
@@ -188,10 +188,10 @@ func ValidateLongRunningOperationsAuthorization(
 	default:
 		result.AddFieldViolation("strategy", "one of (before|custom|none) must be specified")
 	}
-	if len(options.OperationPermissions) == 0 {
+	if len(options.GetOperationPermissions()) == 0 {
 		result.AddFieldViolation("operation_permissions", "required field")
 	}
-	for i, operationPermissions := range options.OperationPermissions {
+	for i, operationPermissions := range options.GetOperationPermissions() {
 		if err := validateOperationPermissions(operationPermissions); err != nil {
 			result.AddFieldError(fmt.Sprintf("operation_permissions[%d]", i), err)
 		}
@@ -201,40 +201,40 @@ func ValidateLongRunningOperationsAuthorization(
 
 func validateOperationPermissions(operationPermissions *iamv1.LongRunningOperationPermissions) error {
 	var result validation.MessageValidator
-	if operationPermissions.Operation == nil {
+	if operationPermissions.GetOperation() == nil {
 		result.AddFieldViolation("operation", "required field")
 	} else {
-		if operationPermissions.Operation.GetType() == "" {
+		if operationPermissions.GetOperation().GetType() == "" {
 			result.AddFieldViolation("operation.type", "required field")
 		}
-		for i, pattern := range operationPermissions.Operation.GetPattern() {
+		for i, pattern := range operationPermissions.GetOperation().GetPattern() {
 			if err := resourcename.ValidatePattern(pattern); err != nil {
 				result.AddFieldError(fmt.Sprintf("operation.type.pattern[%d]", i), err)
 			}
 		}
 	}
-	if operationPermissions.List != "" {
-		if err := iampermission.Validate(operationPermissions.List); err != nil {
+	if operationPermissions.GetList() != "" {
+		if err := iampermission.Validate(operationPermissions.GetList()); err != nil {
 			result.AddFieldError("list", err)
 		}
 	}
-	if operationPermissions.Get != "" {
-		if err := iampermission.Validate(operationPermissions.Get); err != nil {
+	if operationPermissions.GetGet() != "" {
+		if err := iampermission.Validate(operationPermissions.GetGet()); err != nil {
 			result.AddFieldError("get", err)
 		}
 	}
-	if operationPermissions.Cancel != "" {
-		if err := iampermission.Validate(operationPermissions.Cancel); err != nil {
+	if operationPermissions.GetCancel() != "" {
+		if err := iampermission.Validate(operationPermissions.GetCancel()); err != nil {
 			result.AddFieldError("cancel", err)
 		}
 	}
-	if operationPermissions.Delete != "" {
-		if err := iampermission.Validate(operationPermissions.Delete); err != nil {
+	if operationPermissions.GetDelete() != "" {
+		if err := iampermission.Validate(operationPermissions.GetDelete()); err != nil {
 			result.AddFieldError("delete", err)
 		}
 	}
-	if operationPermissions.Wait != "" {
-		if err := iampermission.Validate(operationPermissions.Wait); err != nil {
+	if operationPermissions.GetWait() != "" {
+		if err := iampermission.Validate(operationPermissions.GetWait()); err != nil {
 			result.AddFieldError("wait", err)
 		}
 	}

iamauthz/after.go

@@ -26,15 +26,15 @@ func NewAfterMethodAuthorization(
 	permissionTester iamcel.PermissionTester,
 	callerResolver iamcaller.Resolver,
 ) (*AfterMethodAuthorization, error) {
-	afterStrategy, ok := options.Strategy.(*iamv1.MethodAuthorizationOptions_After)
+	afterStrategy, ok := options.GetStrategy().(*iamv1.MethodAuthorizationOptions_After)
 	if !ok {
 		return nil, fmt.Errorf("strategy must be 'after'")
 	}
 	env, err := iamcel.NewAfterEnv(method)
 	if err != nil {
 		return nil, err
 	}
-	ast, issues := env.Compile(afterStrategy.After.Expression)
+	ast, issues := env.Compile(afterStrategy.After.GetExpression())
 	if issues.Err() != nil {
 		return nil, issues.Err()
 	}

iamauthz/before.go

@@ -26,15 +26,15 @@ func NewBeforeMethodAuthorization(
 	permissionTester iamcel.PermissionTester,
 	callerResolver iamcaller.Resolver,
 ) (*BeforeMethodAuthorization, error) {
-	beforeStrategy, ok := options.Strategy.(*iamv1.MethodAuthorizationOptions_Before)
+	beforeStrategy, ok := options.GetStrategy().(*iamv1.MethodAuthorizationOptions_Before)
 	if !ok {
 		return nil, fmt.Errorf("strategy must be 'before'")
 	}
 	env, err := iamcel.NewBeforeEnv(method)
 	if err != nil {
 		return nil, err
 	}
-	ast, issues := env.Compile(beforeStrategy.Before.Expression)
+	ast, issues := env.Compile(beforeStrategy.Before.GetExpression())
 	if issues.Err() != nil {
 		return nil, issues.Err()
 	}

iamcaller/caller.go

@@ -9,16 +9,16 @@ import (
 // Add adds the metadata resolved from the provided key to the provider caller info.
 func Add(caller *iamv1.Caller, key string, metadata *iamv1.Caller_Metadata) {
 MemberLoop:
-	for _, member := range metadata.Members {
-		for _, existingMember := range caller.Members {
+	for _, member := range metadata.GetMembers() {
+		for _, existingMember := range caller.GetMembers() {
 			if member == existingMember {
 				continue MemberLoop
 			}
 		}
 		caller.Members = append(caller.Members, member)
 	}
-	sort.Slice(caller.Members, func(i, j int) bool {
-		return caller.Members[i] < caller.Members[j]
+	sort.Slice(caller.GetMembers(), func(i, j int) bool {
+		return caller.GetMembers()[i] < caller.GetMembers()[j]
 	})
 	if caller.Metadata == nil {
 		caller.Metadata = map[string]*iamv1.Caller_Metadata{}

iamcaller/chain.go

@@ -33,12 +33,12 @@ func (c chainResolver) ResolveCaller(ctx context.Context) (*iamv1.Caller, error)
 		if err := Validate(nextCaller); err != nil {
 			return nil, fmt.Errorf("chain callers: resolver %d: %w", i, err)
 		}
-		for key, value := range nextCaller.Metadata {
+		for key, value := range nextCaller.GetMetadata() {
 			Add(&result, key, value)
 		}
 		// TODO: Remove this when CEL-Go supports async functions with context arguments.
-		if result.Context == nil && nextCaller.Context != nil {
-			result.Context = nextCaller.Context
+		if result.GetContext() == nil && nextCaller.GetContext() != nil {
+			result.Context = nextCaller.GetContext()
 		}
 	}
 	return &result, nil

iamcaller/validate.go

@@ -20,14 +20,14 @@ func Validate(caller *iamv1.Caller) error {
 
 func validateMembers(caller *iamv1.Caller) error {
 ValidateMembersLoop:
-	for _, member := range caller.Members {
+	for _, member := range caller.GetMembers() {
 		// Validate the member.
 		if err := iammember.Validate(member); err != nil {
 			return err
 		}
 		// Validate that the member is present in the metadata.
-		for _, metadata := range caller.Metadata {
-			for _, metadataMember := range metadata.Members {
+		for _, metadata := range caller.GetMetadata() {
+			for _, metadataMember := range metadata.GetMembers() {
 				if member == metadataMember {
 					continue ValidateMembersLoop
 				}
@@ -39,15 +39,15 @@ ValidateMembersLoop:
 }
 
 func validateMetadata(caller *iamv1.Caller) error {
-	for key, metadata := range caller.Metadata {
+	for key, metadata := range caller.GetMetadata() {
 	ValidateMetadataLoop:
-		for _, metadataMember := range metadata.Members {
+		for _, metadataMember := range metadata.GetMembers() {
 			// Validate the metadata member.
 			if err := iammember.Validate(metadataMember); err != nil {
 				return err
 			}
 			// Validate that the metadata member is present in the top-level members.
-			for _, callerMember := range caller.Members {
+			for _, callerMember := range caller.GetMembers() {
 				if metadataMember == callerMember {
 					continue ValidateMetadataLoop
 				}

iamexample/authorization.go

@@ -40,7 +40,11 @@ func (a *Authorization) UpdateShipment(
 	if err != nil {
 		return nil, err
 	}
-	if err := a.requireAny(ctx, permission, []string{shipment.OriginSite, shipment.DestinationSite}); err != nil {
+	if err := a.requireAny(
+		ctx,
+		permission,
+		[]string{shipment.GetOriginSite(), shipment.GetDestinationSite()},
+	); err != nil {
 		return nil, err
 	}
 	return a.Next.UpdateShipment(ctx, request)
@@ -52,8 +56,8 @@ func (a *Authorization) BatchGetShipments(
 ) (*iamexamplev1.BatchGetShipmentsResponse, error) {
 	iamauthz.Authorize(ctx)
 	const permission = "freight.shipments.get"
-	if request.Parent != "" {
-		if ok, err := a.test(ctx, permission, request.Parent); err != nil {
+	if request.GetParent() != "" {
+		if ok, err := a.test(ctx, permission, request.GetParent()); err != nil {
 			return nil, err
 		} else if ok {
 			return a.Next.BatchGetShipments(ctx, request)
@@ -63,11 +67,11 @@ func (a *Authorization) BatchGetShipments(
 	if err != nil {
 		return nil, err
 	}
-	resourcePermissions := make(map[string]string, 3*len(response.Shipments))
-	for _, shipment := range response.Shipments {
-		resourcePermissions[shipment.Name] = permission
-		resourcePermissions[shipment.OriginSite] = permission
-		resourcePermissions[shipment.DestinationSite] = permission
+	resourcePermissions := make(map[string]string, 3*len(response.GetShipments()))
+	for _, shipment := range response.GetShipments() {
+		resourcePermissions[shipment.GetName()] = permission
+		resourcePermissions[shipment.GetOriginSite()] = permission
+		resourcePermissions[shipment.GetDestinationSite()] = permission
 	}
 	caller, err := a.CallerResolver.ResolveCaller(ctx)
 	if err != nil {
@@ -77,9 +81,9 @@ func (a *Authorization) BatchGetShipments(
 	if err != nil {
 		return nil, err
 	}
-	for _, shipment := range response.Shipments {
-		if !(results[shipment.Name] || results[shipment.OriginSite] || results[shipment.DestinationSite]) {
-			return nil, status.Errorf(codes.PermissionDenied, "missing permission %s for %s", permission, shipment.Name)
+	for _, shipment := range response.GetShipments() {
+		if !(results[shipment.GetName()] || results[shipment.GetOriginSite()] || results[shipment.GetDestinationSite()]) {
+			return nil, status.Errorf(codes.PermissionDenied, "missing permission %s for %s", permission, shipment.GetName())
 		}
 	}
 	return response, nil