Refactor Auth Service Protos, Add Access Rules (#1411)

* Refactor auth/service into two protos * Accounts Proto * Store Prefixes * Misc * Tweak Protos Co-authored-by: Ben Toogood <ben@micro.mu> Co-authored-by: Asim Aslam <asim@aslam.me>
2020-03-26 13:12:43 +00:00
parent 7182ca1fd0
commit 844c456839
11 changed files with 895 additions and 291 deletions
--- a/auth/service/proto/rules/rules.pb.go
+++ b/auth/service/proto/rules/rules.pb.go
@@ -0,0 +1,398 @@
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
+
+package go_micro_auth
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	auth "github.com/micro/go-micro/v2/auth/service/proto/auth"
+	math "math"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+type Access int32
+
+const (
+	Access_UNKNOWN Access = 0
+	Access_GRANTED Access = 1
+	Access_DENIED  Access = 2
+)
+
+var Access_name = map[int32]string{
+	0: "UNKNOWN",
+	1: "GRANTED",
+	2: "DENIED",
+}
+
+var Access_value = map[string]int32{
+	"UNKNOWN": 0,
+	"GRANTED": 1,
+	"DENIED":  2,
+}
+
+func (x Access) String() string {
+	return proto.EnumName(Access_name, int32(x))
+}
+
+func (Access) EnumDescriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{0}
+}
+
+type Rule struct {
+	Id                   string         `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
+	Role                 string         `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
+	Resource             *auth.Resource `protobuf:"bytes,3,opt,name=resource,proto3" json:"resource,omitempty"`
+	Access               Access         `protobuf:"varint,4,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *Rule) Reset()         { *m = Rule{} }
+func (m *Rule) String() string { return proto.CompactTextString(m) }
+func (*Rule) ProtoMessage()    {}
+func (*Rule) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{0}
+}
+
+func (m *Rule) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_Rule.Unmarshal(m, b)
+}
+func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
+}
+func (m *Rule) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_Rule.Merge(m, src)
+}
+func (m *Rule) XXX_Size() int {
+	return xxx_messageInfo_Rule.Size(m)
+}
+func (m *Rule) XXX_DiscardUnknown() {
+	xxx_messageInfo_Rule.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_Rule proto.InternalMessageInfo
+
+func (m *Rule) GetId() string {
+	if m != nil {
+		return m.Id
+	}
+	return ""
+}
+
+func (m *Rule) GetRole() string {
+	if m != nil {
+		return m.Role
+	}
+	return ""
+}
+
+func (m *Rule) GetResource() *auth.Resource {
+	if m != nil {
+		return m.Resource
+	}
+	return nil
+}
+
+func (m *Rule) GetAccess() Access {
+	if m != nil {
+		return m.Access
+	}
+	return Access_UNKNOWN
+}
+
+type CreateRequest struct {
+	Role                 string         `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
+	Resource             *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
+	Access               Access         `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *CreateRequest) Reset()         { *m = CreateRequest{} }
+func (m *CreateRequest) String() string { return proto.CompactTextString(m) }
+func (*CreateRequest) ProtoMessage()    {}
+func (*CreateRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{1}
+}
+
+func (m *CreateRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateRequest.Unmarshal(m, b)
+}
+func (m *CreateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateRequest.Marshal(b, m, deterministic)
+}
+func (m *CreateRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateRequest.Merge(m, src)
+}
+func (m *CreateRequest) XXX_Size() int {
+	return xxx_messageInfo_CreateRequest.Size(m)
+}
+func (m *CreateRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateRequest proto.InternalMessageInfo
+
+func (m *CreateRequest) GetRole() string {
+	if m != nil {
+		return m.Role
+	}
+	return ""
+}
+
+func (m *CreateRequest) GetResource() *auth.Resource {
+	if m != nil {
+		return m.Resource
+	}
+	return nil
+}
+
+func (m *CreateRequest) GetAccess() Access {
+	if m != nil {
+		return m.Access
+	}
+	return Access_UNKNOWN
+}
+
+type CreateResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *CreateResponse) Reset()         { *m = CreateResponse{} }
+func (m *CreateResponse) String() string { return proto.CompactTextString(m) }
+func (*CreateResponse) ProtoMessage()    {}
+func (*CreateResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{2}
+}
+
+func (m *CreateResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_CreateResponse.Unmarshal(m, b)
+}
+func (m *CreateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_CreateResponse.Marshal(b, m, deterministic)
+}
+func (m *CreateResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_CreateResponse.Merge(m, src)
+}
+func (m *CreateResponse) XXX_Size() int {
+	return xxx_messageInfo_CreateResponse.Size(m)
+}
+func (m *CreateResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_CreateResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_CreateResponse proto.InternalMessageInfo
+
+type DeleteRequest struct {
+	Role                 string         `protobuf:"bytes,1,opt,name=role,proto3" json:"role,omitempty"`
+	Resource             *auth.Resource `protobuf:"bytes,2,opt,name=resource,proto3" json:"resource,omitempty"`
+	Access               Access         `protobuf:"varint,3,opt,name=access,proto3,enum=go.micro.auth.Access" json:"access,omitempty"`
+	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
+	XXX_unrecognized     []byte         `json:"-"`
+	XXX_sizecache        int32          `json:"-"`
+}
+
+func (m *DeleteRequest) Reset()         { *m = DeleteRequest{} }
+func (m *DeleteRequest) String() string { return proto.CompactTextString(m) }
+func (*DeleteRequest) ProtoMessage()    {}
+func (*DeleteRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{3}
+}
+
+func (m *DeleteRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_DeleteRequest.Unmarshal(m, b)
+}
+func (m *DeleteRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_DeleteRequest.Marshal(b, m, deterministic)
+}
+func (m *DeleteRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteRequest.Merge(m, src)
+}
+func (m *DeleteRequest) XXX_Size() int {
+	return xxx_messageInfo_DeleteRequest.Size(m)
+}
+func (m *DeleteRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DeleteRequest proto.InternalMessageInfo
+
+func (m *DeleteRequest) GetRole() string {
+	if m != nil {
+		return m.Role
+	}
+	return ""
+}
+
+func (m *DeleteRequest) GetResource() *auth.Resource {
+	if m != nil {
+		return m.Resource
+	}
+	return nil
+}
+
+func (m *DeleteRequest) GetAccess() Access {
+	if m != nil {
+		return m.Access
+	}
+	return Access_UNKNOWN
+}
+
+type DeleteResponse struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *DeleteResponse) Reset()         { *m = DeleteResponse{} }
+func (m *DeleteResponse) String() string { return proto.CompactTextString(m) }
+func (*DeleteResponse) ProtoMessage()    {}
+func (*DeleteResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{4}
+}
+
+func (m *DeleteResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_DeleteResponse.Unmarshal(m, b)
+}
+func (m *DeleteResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_DeleteResponse.Marshal(b, m, deterministic)
+}
+func (m *DeleteResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_DeleteResponse.Merge(m, src)
+}
+func (m *DeleteResponse) XXX_Size() int {
+	return xxx_messageInfo_DeleteResponse.Size(m)
+}
+func (m *DeleteResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_DeleteResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_DeleteResponse proto.InternalMessageInfo
+
+type ListRequest struct {
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListRequest) Reset()         { *m = ListRequest{} }
+func (m *ListRequest) String() string { return proto.CompactTextString(m) }
+func (*ListRequest) ProtoMessage()    {}
+func (*ListRequest) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{5}
+}
+
+func (m *ListRequest) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ListRequest.Unmarshal(m, b)
+}
+func (m *ListRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ListRequest.Marshal(b, m, deterministic)
+}
+func (m *ListRequest) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListRequest.Merge(m, src)
+}
+func (m *ListRequest) XXX_Size() int {
+	return xxx_messageInfo_ListRequest.Size(m)
+}
+func (m *ListRequest) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListRequest.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListRequest proto.InternalMessageInfo
+
+type ListResponse struct {
+	Rules                []*Rule  `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"`
+	XXX_NoUnkeyedLiteral struct{} `json:"-"`
+	XXX_unrecognized     []byte   `json:"-"`
+	XXX_sizecache        int32    `json:"-"`
+}
+
+func (m *ListResponse) Reset()         { *m = ListResponse{} }
+func (m *ListResponse) String() string { return proto.CompactTextString(m) }
+func (*ListResponse) ProtoMessage()    {}
+func (*ListResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_d5bb7c98c32bdd99, []int{6}
+}
+
+func (m *ListResponse) XXX_Unmarshal(b []byte) error {
+	return xxx_messageInfo_ListResponse.Unmarshal(m, b)
+}
+func (m *ListResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	return xxx_messageInfo_ListResponse.Marshal(b, m, deterministic)
+}
+func (m *ListResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ListResponse.Merge(m, src)
+}
+func (m *ListResponse) XXX_Size() int {
+	return xxx_messageInfo_ListResponse.Size(m)
+}
+func (m *ListResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ListResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ListResponse proto.InternalMessageInfo
+
+func (m *ListResponse) GetRules() []*Rule {
+	if m != nil {
+		return m.Rules
+	}
+	return nil
+}
+
+func init() {
+	proto.RegisterEnum("go.micro.auth.Access", Access_name, Access_value)
+	proto.RegisterType((*Rule)(nil), "go.micro.auth.Rule")
+	proto.RegisterType((*CreateRequest)(nil), "go.micro.auth.CreateRequest")
+	proto.RegisterType((*CreateResponse)(nil), "go.micro.auth.CreateResponse")
+	proto.RegisterType((*DeleteRequest)(nil), "go.micro.auth.DeleteRequest")
+	proto.RegisterType((*DeleteResponse)(nil), "go.micro.auth.DeleteResponse")
+	proto.RegisterType((*ListRequest)(nil), "go.micro.auth.ListRequest")
+	proto.RegisterType((*ListResponse)(nil), "go.micro.auth.ListResponse")
+}
+
+func init() {
+	proto.RegisterFile("github.com/micro/go-micro/auth/service/proto/rules/rules.proto", fileDescriptor_d5bb7c98c32bdd99)
+}
+
+var fileDescriptor_d5bb7c98c32bdd99 = []byte{
+	// 384 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x93, 0x41, 0x6b, 0xdb, 0x30,
+	0x1c, 0xc5, 0x23, 0xc7, 0xf1, 0xb6, 0xbf, 0x97, 0x60, 0x34, 0xc6, 0x8c, 0xb7, 0x81, 0xc9, 0xc9,
+	0x1b, 0xc4, 0x06, 0xe7, 0x34, 0x18, 0x83, 0x30, 0x87, 0x30, 0x36, 0x3c, 0x10, 0x2d, 0x3d, 0x27,
+	0xce, 0x9f, 0xc4, 0xe0, 0x54, 0xa9, 0x64, 0xf7, 0x2b, 0xf4, 0xd6, 0x4f, 0xd8, 0x0f, 0x53, 0x2c,
+	0x39, 0xa1, 0x71, 0x1a, 0x68, 0x6e, 0xbd, 0x08, 0x49, 0xef, 0xe9, 0xf9, 0xa7, 0x67, 0x1b, 0x7e,
+	0xad, 0xf2, 0x72, 0x5d, 0x2d, 0xc2, 0x8c, 0x6f, 0xa2, 0x4d, 0x9e, 0x09, 0x1e, 0xad, 0xf8, 0x48,
+	0x4f, 0xe6, 0x55, 0xb9, 0x8e, 0x24, 0x8a, 0xdb, 0x3c, 0xc3, 0x68, 0x2b, 0x78, 0xc9, 0x23, 0x51,
+	0x15, 0x28, 0xf5, 0x18, 0xaa, 0x1d, 0xda, 0x5f, 0xf1, 0x50, 0xd9, 0xc3, 0xda, 0xee, 0xfd, 0x3c,
+	0x2b, 0x4e, 0x6d, 0xd5, 0x83, 0x0e, 0x1b, 0xde, 0x13, 0x30, 0x59, 0x55, 0x20, 0x1d, 0x80, 0x91,
+	0x2f, 0x5d, 0xe2, 0x93, 0xe0, 0x1d, 0x33, 0xf2, 0x25, 0xa5, 0x60, 0x0a, 0x5e, 0xa0, 0x6b, 0xa8,
+	0x1d, 0x35, 0xa7, 0x63, 0x78, 0x2b, 0x50, 0xf2, 0x4a, 0x64, 0xe8, 0x76, 0x7d, 0x12, 0xd8, 0xf1,
+	0xa7, 0xf0, 0x00, 0x26, 0x64, 0x8d, 0xcc, 0xf6, 0x46, 0x3a, 0x02, 0x6b, 0x9e, 0x65, 0x28, 0xa5,
+	0x6b, 0xfa, 0x24, 0x18, 0xc4, 0x1f, 0x5b, 0x47, 0x26, 0x4a, 0x64, 0x8d, 0x69, 0x78, 0x47, 0xa0,
+	0xff, 0x5b, 0xe0, 0xbc, 0x44, 0x86, 0x37, 0x15, 0xca, 0x72, 0x4f, 0x42, 0x4e, 0x90, 0x18, 0xe7,
+	0x93, 0x74, 0x5f, 0x42, 0xe2, 0xc0, 0x60, 0x07, 0x22, 0xb7, 0xfc, 0x5a, 0xa2, 0x62, 0x4b, 0xb0,
+	0xc0, 0x57, 0xc1, 0xb6, 0x03, 0x69, 0xd8, 0xfa, 0x60, 0xff, 0xcb, 0x65, 0xd9, 0x80, 0x0d, 0x7f,
+	0xc0, 0x7b, 0xbd, 0xd4, 0x32, 0xfd, 0x06, 0x3d, 0xf5, 0x0d, 0xb9, 0xc4, 0xef, 0x06, 0x76, 0xfc,
+	0xa1, 0x4d, 0x54, 0x15, 0xc8, 0xb4, 0xe3, 0x7b, 0x08, 0x96, 0x7e, 0x1a, 0xb5, 0xe1, 0xcd, 0x65,
+	0xfa, 0x37, 0xfd, 0x7f, 0x95, 0x3a, 0x9d, 0x7a, 0x31, 0x63, 0x93, 0xf4, 0x62, 0x9a, 0x38, 0x84,
+	0x02, 0x58, 0xc9, 0x34, 0xfd, 0x33, 0x4d, 0x1c, 0x23, 0x7e, 0x20, 0xd0, 0xab, 0xcf, 0x4b, 0x3a,
+	0x03, 0x4b, 0x37, 0x46, 0xbf, 0xb4, 0xf2, 0x0f, 0xde, 0xa8, 0xf7, 0xf5, 0x84, 0xda, 0x5c, 0xa5,
+	0x53, 0x07, 0xe9, 0xeb, 0x1d, 0x05, 0x1d, 0xd4, 0x7f, 0x14, 0xd4, 0xea, 0xa4, 0x43, 0x27, 0x60,
+	0xd6, 0x35, 0x50, 0xaf, 0x65, 0x7c, 0x52, 0x95, 0xf7, 0xf9, 0x59, 0x6d, 0x17, 0xb1, 0xb0, 0xd4,
+	0x8f, 0x32, 0x7e, 0x0c, 0x00, 0x00, 0xff, 0xff, 0x85, 0x65, 0x07, 0x9d, 0xb7, 0x03, 0x00, 0x00,
+}
--- a/auth/service/proto/rules/rules.pb.micro.go
+++ b/auth/service/proto/rules/rules.pb.micro.go
@@ -0,0 +1,120 @@
+// Code generated by protoc-gen-micro. DO NOT EDIT.
+// source: github.com/micro/go-micro/auth/service/proto/rules/rules.proto
+
+package go_micro_auth
+
+import (
+	fmt "fmt"
+	proto "github.com/golang/protobuf/proto"
+	_ "github.com/micro/go-micro/v2/auth/service/proto/auth"
+	math "math"
+)
+
+import (
+	context "context"
+	client "github.com/micro/go-micro/v2/client"
+	server "github.com/micro/go-micro/v2/server"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ client.Option
+var _ server.Option
+
+// Client API for Rules service
+
+type RulesService interface {
+	Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error)
+	Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error)
+	List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error)
+}
+
+type rulesService struct {
+	c    client.Client
+	name string
+}
+
+func NewRulesService(name string, c client.Client) RulesService {
+	return &rulesService{
+		c:    c,
+		name: name,
+	}
+}
+
+func (c *rulesService) Create(ctx context.Context, in *CreateRequest, opts ...client.CallOption) (*CreateResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.Create", in)
+	out := new(CreateResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesService) Delete(ctx context.Context, in *DeleteRequest, opts ...client.CallOption) (*DeleteResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.Delete", in)
+	out := new(DeleteResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rulesService) List(ctx context.Context, in *ListRequest, opts ...client.CallOption) (*ListResponse, error) {
+	req := c.c.NewRequest(c.name, "Rules.List", in)
+	out := new(ListResponse)
+	err := c.c.Call(ctx, req, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for Rules service
+
+type RulesHandler interface {
+	Create(context.Context, *CreateRequest, *CreateResponse) error
+	Delete(context.Context, *DeleteRequest, *DeleteResponse) error
+	List(context.Context, *ListRequest, *ListResponse) error
+}
+
+func RegisterRulesHandler(s server.Server, hdlr RulesHandler, opts ...server.HandlerOption) error {
+	type rules interface {
+		Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error
+		Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error
+		List(ctx context.Context, in *ListRequest, out *ListResponse) error
+	}
+	type Rules struct {
+		rules
+	}
+	h := &rulesHandler{hdlr}
+	return s.Handle(s.NewHandler(&Rules{h}, opts...))
+}
+
+type rulesHandler struct {
+	RulesHandler
+}
+
+func (h *rulesHandler) Create(ctx context.Context, in *CreateRequest, out *CreateResponse) error {
+	return h.RulesHandler.Create(ctx, in, out)
+}
+
+func (h *rulesHandler) Delete(ctx context.Context, in *DeleteRequest, out *DeleteResponse) error {
+	return h.RulesHandler.Delete(ctx, in, out)
+}
+
+func (h *rulesHandler) List(ctx context.Context, in *ListRequest, out *ListResponse) error {
+	return h.RulesHandler.List(ctx, in, out)
+}
--- a/auth/service/proto/rules/rules.proto
+++ b/auth/service/proto/rules/rules.proto
@@ -0,0 +1,47 @@
+syntax = "proto3";
+
+package go.micro.auth;
+
+import "github.com/micro/go-micro/auth/service/proto/auth/auth.proto";
+
+service Rules {
+	rpc Create(CreateRequest) returns (CreateResponse) {};
+	rpc Delete(DeleteRequest) returns (DeleteResponse) {};
+	rpc List(ListRequest) returns (ListResponse) {};
+}
+
+enum Access {
+	UNKNOWN = 0;
+	GRANTED = 1;
+	DENIED = 2;
+}
+
+message Rule {
+	string id = 1;
+	string role = 2;
+	Resource resource = 3;
+	Access access = 4;
+}
+
+message CreateRequest {
+	string role = 1;
+  Resource resource = 2;
+  Access access = 3;
+}
+
+message CreateResponse {}
+
+message DeleteRequest {
+	string role = 1;
+  Resource resource = 2;
+  Access access = 3;
+}
+
+message DeleteResponse {}
+
+message ListRequest {
+}
+
+message ListResponse {
+	repeated Rule rules = 1;
+}