aserto-rails 0.0.1 → 0.20.0
- checksums.yaml +4 -4
- data/README.md +23 -14
- data/VERSION +1 -1
- metadata +4 -4
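--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3d7ae40725c31eb1adcb2d1df88a1a67e29dff3706d6c30ad830ea13feb5e875
+data.tar.gz: 12557df817e967e8f158ece18607a4fbd5110b8895e177f6d48b5b212bddb919
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 177ef05bc61a60f51b84cd6bfe8ff2f914489209dff0d20818cfc8aed29d1ce74f16d029a2ee8905dfa3b702357cf53ed5156d2c1c2686866857be7dd5a00416
+data.tar.gz: c9e3e55508e09dab96f9373eba3b3347b57490de405b6b7995e9f4a4771daa3f192e95fdd00d61133fbf291c1d980a030edbf3a59c792d5e31de23a99943465b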
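--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,10 @@
 # Aserto Rails
 
+[![Gem Version](https://badge.fury.io/rb/aserto-rails.svg)](https://badge.fury.io/rb/aserto-rails)
+[![ci](https://github.com/aserto-dev/aserto-rails/actions/workflows/ci.yaml/badge.svg)](https://github.com/aserto-dev/aserto-rails/actions/workflows/ci.yaml)
+[![slack](https://img.shields.io/badge/slack-Aserto%20Community-brightgreen)](https://asertocommunity.slack.com
+)
+
 Aserto authorization library for Ruby and Ruby on Rails.
 
 Built on top of [aserto](https://github.com/aserto-dev/aserto-ruby) and [aserto-grpc-authz](https://github.com/aserto-dev/ruby-grpc-authz).
@@ -26,7 +31,7 @@ gem install aserto-rails
 ```
 
 ## Configuration
-The following configuration settings are required for
+The following configuration settings are required for authorization:
 - policy_id
 - tenant_id
 - authorizer_api_key
@@ -34,26 +39,26 @@ The following configuration settings are required for the authorization middlewa
 
 These settings can be retrieved from the [Policy Settings](https://console.aserto.com/ui/policies) page of your Aserto account.
 
-
+Optional parameters:
 
 | Parameter name | Default value | Description |
 | -------------- | ------------- | ----------- |
 | service_url | `"authorizer.prod.aserto.com:8443"` | Sets the URL for the authorizer endpoint. |
-| decision | `"allowed"` | The decision that will be used
-| logger | `STDOUT` | The logger to be used
+| decision | `"allowed"` | The decision that will be used when executing an authorizer request. |
+| logger | `STDOUT` | The logger to be used. |
 | identity_mapping | `{ type: :none }` | The strategy for retrieveing the identity, possible values: `:jwt, :sub, :none` |
 
 ## Identity
-To determine the identity of the user, the
+To determine the identity of the user, the gem can be configured to use a JWT token or a claim using the `identity_mapping` config.
 ```ruby
-# configure the
+# configure the gem to use a JWT token form the `my-auth-header` header.
 config.identity_mapping = {
 type: :jwt,
 from: "my-auth-header",
 }
 ```
 ```ruby
-# configure the
+# configure the gem to use a claim from the JWT token.
 # This will decode the JWT token and extract the `sub` field from payload.
 config.identity_mapping = {
 type: :sub,
@@ -76,7 +81,7 @@ end
 ```
 
 ## URL path to policy mapping
-By default, when computing the policy path
+By default, when computing the policy path:
 * converts all slashes to dots
 * converts any character that is not alpha, digit, dot or underscore to underscore
 * converts uppercase characters in the URL path to lowercases
@@ -96,7 +101,7 @@ end
 ```
 
 ## Resource
-A resource can be any structured data that the authorization policy uses to evaluate decisions. By default,
+A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, gem do not include a resource in authorization calls.
 
 This behavior can be overwritten by providing a custom function:
 
@@ -114,13 +119,14 @@ end
 # config/initializers/aserto.rb
 require "aserto/rails"
 
-
+Aserto.configure do |config|
 config.enabled = true
-config.
-config.
+config.policy_name = "my-policy-name"
+config.instance_label = "my-instance"
 config.authorizer_api_key = Rails.application.credentials.aserto[:authorizer_api_key]
 config.policy_root = "peoplefinder"
-config.service_url = "
+config.service_url = "localhost:8282"
+config.cert_path = "/path/to/topaz/cert.crt"
 config.decision = "allowed"
 config.logger = Rails.logger
 config.identity_mapping = {
@@ -141,12 +147,15 @@ def show
 end
 ```
 
-Setting this for every action can be tedious, therefore the `aserto_authorize_resource` method is provided to
+Setting this for every action can be tedious, therefore the `aserto_authorize_resource` method is provided to
+automatically authorize all actions in a RESTful style resource controller.
 It will use a before action to load the resource into an instance variable and authorize it for every action.
 
 ```ruby
 class PostsController < ApplicationController
 aserto_authorize_resource
+# aserto_authorize_resource only: %i[show]
+# aserto_authorize_resource except: %i[index]
 
 def show
 # getting a single post authorized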
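--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0
+0.20.0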
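--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto-rails
 version: !ruby/object:Gem::Version
-version: 0.0
+version: 0.20.0
 platform: ruby
 authors:
 - Aserto
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aserto
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.20.2
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.20.2
 - !ruby/object:Gem::Dependency
 name: appraisal
 requirement: !ruby/object:Gem::Requirement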