aserto-rails 0.0.1 → 0.20.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +23 -14
  3. data/VERSION +1 -1
  4. metadata +4 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 2c80c8f7b8f213573d3e79b76e70e98747046dd617a7a5ccb53def1da90119be
4
- data.tar.gz: 18446a39215b54a1d401ebda2e7603d82934c3e7dcc4825d6af7a966f006bbbc
3
+ metadata.gz: 3d7ae40725c31eb1adcb2d1df88a1a67e29dff3706d6c30ad830ea13feb5e875
4
+ data.tar.gz: 12557df817e967e8f158ece18607a4fbd5110b8895e177f6d48b5b212bddb919
5
5
  SHA512:
6
- metadata.gz: 2c7436cec3d05adc828ce7a4a420c0e597e0eef4cd4f3a4848ea8c6cc229da3eb26f1c6db08d6993202bd12898331b1d1a084f5fcf196ce1df70849f7505dfdc
7
- data.tar.gz: e2e539042d697de666858e9df0ed0d651d9cf248e750088f9fa2a3e595cd8e9d48e1e5879f2ee2640ab1c96bf1201c70bb09a9265d89f750ba1fcb1459064d33
6
+ metadata.gz: 177ef05bc61a60f51b84cd6bfe8ff2f914489209dff0d20818cfc8aed29d1ce74f16d029a2ee8905dfa3b702357cf53ed5156d2c1c2686866857be7dd5a00416
7
+ data.tar.gz: c9e3e55508e09dab96f9373eba3b3347b57490de405b6b7995e9f4a4771daa3f192e95fdd00d61133fbf291c1d980a030edbf3a59c792d5e31de23a99943465b
data/README.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Aserto Rails
2
2
 
3
+ [![Gem Version](https://badge.fury.io/rb/aserto-rails.svg)](https://badge.fury.io/rb/aserto-rails)
4
+ [![ci](https://github.com/aserto-dev/aserto-rails/actions/workflows/ci.yaml/badge.svg)](https://github.com/aserto-dev/aserto-rails/actions/workflows/ci.yaml)
5
+ [![slack](https://img.shields.io/badge/slack-Aserto%20Community-brightgreen)](https://asertocommunity.slack.com
6
+ )
7
+
3
8
  Aserto authorization library for Ruby and Ruby on Rails.
4
9
 
5
10
  Built on top of [aserto](https://github.com/aserto-dev/aserto-ruby) and [aserto-grpc-authz](https://github.com/aserto-dev/ruby-grpc-authz).
@@ -26,7 +31,7 @@ gem install aserto-rails
26
31
  ```
27
32
 
28
33
  ## Configuration
29
- The following configuration settings are required for the authorization middleware:
34
+ The following configuration settings are required for authorization:
30
35
  - policy_id
31
36
  - tenant_id
32
37
  - authorizer_api_key
@@ -34,26 +39,26 @@ The following configuration settings are required for the authorization middlewa
34
39
 
35
40
  These settings can be retrieved from the [Policy Settings](https://console.aserto.com/ui/policies) page of your Aserto account.
36
41
 
37
- The middleware accepts the following optional parameters:
42
+ Optional parameters:
38
43
 
39
44
  | Parameter name | Default value | Description |
40
45
  | -------------- | ------------- | ----------- |
41
46
  | service_url | `"authorizer.prod.aserto.com:8443"` | Sets the URL for the authorizer endpoint. |
42
- | decision | `"allowed"` | The decision that will be used by the middleware when creating an authorizer request. |
43
- | logger | `STDOUT` | The logger to be used by the middleware. |
47
+ | decision | `"allowed"` | The decision that will be used when executing an authorizer request. |
48
+ | logger | `STDOUT` | The logger to be used. |
44
49
  | identity_mapping | `{ type: :none }` | The strategy for retrieveing the identity, possible values: `:jwt, :sub, :none` |
45
50
 
46
51
  ## Identity
47
- To determine the identity of the user, the middleware can be configured to use a JWT token or a claim using the `identity_mapping` config.
52
+ To determine the identity of the user, the gem can be configured to use a JWT token or a claim using the `identity_mapping` config.
48
53
  ```ruby
49
- # configure the middleware to use a JWT token form the `my-auth-header` header.
54
+ # configure the gem to use a JWT token form the `my-auth-header` header.
50
55
  config.identity_mapping = {
51
56
  type: :jwt,
52
57
  from: "my-auth-header",
53
58
  }
54
59
  ```
55
60
  ```ruby
56
- # configure the middleware to use a claim from the JWT token.
61
+ # configure the gem to use a claim from the JWT token.
57
62
  # This will decode the JWT token and extract the `sub` field from payload.
58
63
  config.identity_mapping = {
59
64
  type: :sub,
@@ -76,7 +81,7 @@ end
76
81
  ```
77
82
 
78
83
  ## URL path to policy mapping
79
- By default, when computing the policy path, the middleware:
84
+ By default, when computing the policy path:
80
85
  * converts all slashes to dots
81
86
  * converts any character that is not alpha, digit, dot or underscore to underscore
82
87
  * converts uppercase characters in the URL path to lowercases
@@ -96,7 +101,7 @@ end
96
101
  ```
97
102
 
98
103
  ## Resource
99
- A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware do not include a resource in authorization calls.
104
+ A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, gem do not include a resource in authorization calls.
100
105
 
101
106
  This behavior can be overwritten by providing a custom function:
102
107
 
@@ -114,13 +119,14 @@ end
114
119
  # config/initializers/aserto.rb
115
120
  require "aserto/rails"
116
121
 
117
- Rails.application.config.middleware.use Aserto::Authorization do |config|
122
+ Aserto.configure do |config|
118
123
  config.enabled = true
119
- config.policy_id = "my-policy-id"
120
- config.tenant_id = "my-tenant-id"
124
+ config.policy_name = "my-policy-name"
125
+ config.instance_label = "my-instance"
121
126
  config.authorizer_api_key = Rails.application.credentials.aserto[:authorizer_api_key]
122
127
  config.policy_root = "peoplefinder"
123
- config.service_url = "authorizer.eng.aserto.com:8443"
128
+ config.service_url = "localhost:8282"
129
+ config.cert_path = "/path/to/topaz/cert.crt"
124
130
  config.decision = "allowed"
125
131
  config.logger = Rails.logger
126
132
  config.identity_mapping = {
@@ -141,12 +147,15 @@ def show
141
147
  end
142
148
  ```
143
149
 
144
- Setting this for every action can be tedious, therefore the `aserto_authorize_resource` method is provided to automatically authorize all actions in a RESTful style resource controller.
150
+ Setting this for every action can be tedious, therefore the `aserto_authorize_resource` method is provided to
151
+ automatically authorize all actions in a RESTful style resource controller.
145
152
  It will use a before action to load the resource into an instance variable and authorize it for every action.
146
153
 
147
154
  ```ruby
148
155
  class PostsController < ApplicationController
149
156
  aserto_authorize_resource
157
+ # aserto_authorize_resource only: %i[show]
158
+ # aserto_authorize_resource except: %i[index]
150
159
 
151
160
  def show
152
161
  # getting a single post authorized
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.1
1
+ 0.20.0
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.20.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-27 00:00:00.000000000 Z
11
+ date: 2022-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.4
19
+ version: 0.20.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.4
26
+ version: 0.20.2
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: appraisal
29
29
  requirement: !ruby/object:Gem::Requirement