aserto 0.0.1 → 0.0.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 16cd06af827e4a2522cefc9d6d699d4e7d027ca6780a7d70560e2b6bf1abca24
4
- data.tar.gz: 0e23e7ccdb687e005b57f80b446dfce4dce244df30c5c7411b4634aa1c2f0e45
3
+ metadata.gz: 265e22aba2a89ca1da3792a7648725d785686d045cc9740eae205f4c89992c76
4
+ data.tar.gz: e5425ba2adb3b23f341757d9cb7babeaebf9773c5bba7e40aa506143f4506a63
5
5
  SHA512:
6
- metadata.gz: 460cd9aa2f3380aff50a1ca15ebb6f052c8de0f34a98ba8fc84a7bc21c740cc1ab51ee954976010fb27a2d757ca42ef4d3853b544c4447282bedbca4405ae910
7
- data.tar.gz: 0c339a31a7c92c0ace5139f0cd7081f06e9ea77ad5afc43d21e62d758ad36187ebbad4d0901207b6b03ed09982a99b93f0535b3bd779fb79b93f1d1f0004f8c0
6
+ metadata.gz: 0cbe00e79be969233b42f548b260a763dbb06ec5d10180bdbafe5346f25c26929f3e1d16dc5a27e44e03ffea9feee1575eac05324a955b39a1876781b81856da
7
+ data.tar.gz: f688ba5bfc91bb5dd4d1d8a19096e4aa1e5b78a51d00d384cd288d2638b04e9eafc72d624983f06c5d2acde48ba3228ec4a8a018e57459e21876d5a5a220fd5d
data/README.md CHANGED
@@ -1,5 +1,10 @@
1
1
  # Ruby Rack Middleware for Aserto
2
2
 
3
+ [![Gem Version](https://badge.fury.io/rb/aserto.svg)](https://badge.fury.io/rb/aserto)
4
+ [![ci](https://github.com/aserto-dev/aserto-ruby/actions/workflows/ci.yaml/badge.svg)](https://github.com/aserto-dev/aserto-ruby/actions/workflows/ci.yaml)
5
+ [![slack](https://img.shields.io/badge/slack-Aserto%20Community-brightgreen)](https://asertocommunity.slack.com
6
+ )
7
+
3
8
  `Aserto::Authorization` is a middleware that allows Ruby applications to use Aserto as the Authorization provider.
4
9
 
5
10
  ## Prerequisites
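Review bot: The Slack badge added at new lines 5-6 has its link target split across a line break, so the closing `)` sits alone on line 6. Some Markdown renderers will print a stray `)` or drop the link. Keep the whole badge on one line, ending in `(https://asertocommunity.slack.com)`.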
@@ -39,14 +44,14 @@ The middleware accepts the following optional parameters:
39
44
  | service_url | `"authorizer.prod.aserto.com:8443"` | Sets the URL for the authorizer endpoint. |
40
45
  | decision | `"allowed"` | The decision that will be used by the middleware when creating an authorizer request. |
41
46
  | logger | `STDOUT` | The logger to be used by the middleware. |
42
- | identity_mapping | `{ type: :none }` | The strategy for retrieveing the identity, possible values: `:jwt, :sub, :none` |
47
+ | identity_mapping | `{ type: :none }` | The strategy for retrieving the identity, possible values: `:jwt, :sub, :none` |
43
48
  | disabled_for | `[{}]` | Which path and actions to skip the authorization for. |
44
49
  | on_unauthorized | `-> { return [403, {}, ["Forbidden"]] }`| A lambda that is executed when the authorization fails. |
45
50
 
46
51
  ## Identity
47
52
  To determine the identity of the user, the middleware can be configured to use a JWT token or a claim using the `identity_mapping` config.
48
53
  ```ruby
49
- # configure the middleware to use a JWT token form the `my-auth-header` header.
54
+ # configure the middleware to use a JWT token from the `my-auth-header` header.
50
55
  config.identity_mapping = {
51
56
  type: :jwt,
52
57
  from: "my-auth-header",
@@ -54,7 +59,7 @@ config.identity_mapping = {
54
59
  ```
55
60
  ```ruby
56
61
  # configure the middleware to use a claim from the JWT token.
57
- # This will decode the JWT token and extract the `sub` field from payload.
62
+ # This will decode the JWT token and extract the `sub` field from the payload.
58
63
  config.identity_mapping = {
59
64
  type: :sub,
60
65
  from: :sub,
@@ -81,7 +86,7 @@ By default, when computing the policy path, the middleware:
81
86
  * converts any character that is not alpha, digit, dot or underscore to underscore
82
87
  * converts uppercase characters in the URL path to lowercases
83
88
 
84
- This behavior can be overwritten by providing a custom function:
89
+ This behaviour can be overwritten by providing a custom function:
85
90
 
86
91
  ```ruby
87
92
  # config/initializers/aserto.rb
@@ -96,9 +101,9 @@ end
96
101
  ```
97
102
 
98
103
  ## Resource
99
- A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware do not include a resource in authorization calls.
104
+ A resource can be any structured data that the authorization policy uses to evaluate decisions. By default, middleware does not include a resource in authorization calls.
100
105
 
101
- This behavior can be overwritten by providing a custom function:
106
+ This behaviour can be overwritten by providing a custom function:
102
107
 
103
108
  ```ruby
104
109
  # config/initializers/aserto.rb
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.1
1
+ 0.0.2
@@ -2,6 +2,10 @@
2
2
 
3
3
  require "aserto-grpc-authz"
4
4
 
5
+ require_relative "identity_mapper"
6
+ require_relative "policy_path_mapper"
7
+ require_relative "resource_mapper"
8
+
5
9
  module Aserto
6
10
  class AuthClient
7
11
  attr_reader :client, :config, :request
@@ -32,11 +32,11 @@ module Aserto
32
32
 
33
33
  def route(request)
34
34
  if defined? ::Rails
35
- require "aserto/rails/utils"
35
+ require_relative "rails/utils"
36
36
 
37
37
  Aserto::Rails::Utils.route(request)
38
38
  elsif defined? ::Sinatra
39
- require "aserto/sinatra/utils"
39
+ require_relative "sinatra/utils"
40
40
  Aserto::Sinatra::Utils.route(request)
41
41
  end
42
42
  end
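Review bot: `route` returns `nil` when neither `::Rails` nor `::Sinatra` is defined, since the `if`/`elsif` has no `else` branch, and nothing here documents that. Callers should handle a missing route explicitly so that an authorization request is never built from empty route data. Consider adding a comment on the method stating the `nil` return, or an `else` branch that makes the fallback explicit.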
@@ -0,0 +1,30 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aserto
4
+ class Error < StandardError; end
5
+
6
+ class AccessDenied < Error
7
+ attr_reader :action, :conditions
8
+ attr_writer :default_message
9
+
10
+ def initialize(message = nil, action = nil, conditions = nil)
11
+ @message = message
12
+ @action = action
13
+ @conditions = conditions
14
+ @default_message = I18n.t(:"unauthorized.default", default: "You are not authorized to access this page.")
15
+ super()
16
+ end
17
+
18
+ def to_s
19
+ @message || @default_message
20
+ end
21
+
22
+ def inspect
23
+ details = %i[action conditions message].filter_map do |attribute|
24
+ value = instance_variable_get "@#{attribute}"
25
+ "#{attribute}: #{value.inspect}" if value.present?
26
+ end.join(", ")
27
+ "#<#{self.class.name} #{details}>"
28
+ end
29
+ end
30
+ end
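Review bot: `AccessDenied#initialize` calls `I18n.t` and `#inspect` calls `value.present?`, but this new 30-line file requires neither `i18n` nor ActiveSupport. The middleware also targets Sinatra, as the `defined? ::Sinatra` branches elsewhere in this diff show. Unless those libraries are loaded by something outside the visible lines, constructing the error raises `NameError` and inspecting it raises `NoMethodError`, so a denied request surfaces as an unrelated exception instead of a clean `AccessDenied`. Either guard with `defined?(::I18n)` and fall back to the literal default string, or require the dependencies here and declare them in the gemspec. Replace `present?` with a plain-Ruby check such as `!value.nil?`.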
@@ -8,14 +8,14 @@ module Aserto
8
8
  path = request.path_info
9
9
 
10
10
  if defined? ::Rails
11
- require "aserto/rails/utils"
11
+ require_relative "rails/utils"
12
12
 
13
13
  route = Aserto::Rails::Utils.route(request)
14
14
  path = route[:path] if route
15
15
  end
16
16
 
17
17
  if defined? ::Sinatra
18
- require "aserto/sinatra/utils"
18
+ require_relative "sinatra/utils"
19
19
 
20
20
  route = Aserto::Sinatra::Utils.route(request)
21
21
  path = route[:path] if route
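Review bot: The Rails and Sinatra checks here are two independent `if` blocks, while `route` in the auth client hunk uses `if`/`elsif`. When both constants are defined, the Sinatra lookup runs second and overwrites the Rails-derived `path` whenever it returns a route. The path used for the authorization decision then depends on which frameworks happen to be loaded. Align the two sites (use `elsif` here, or document the intended precedence) so both resolve the route the same way.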
data/lib/aserto.rb CHANGED
@@ -10,6 +10,7 @@ require_relative "aserto/policy_path_mapper"
10
10
  require_relative "aserto/identity_mapper"
11
11
  require_relative "aserto/resource_mapper"
12
12
  require_relative "aserto/auth_client"
13
+ require_relative "aserto/errors"
13
14
 
14
15
  module Aserto
15
16
  class << self
@@ -61,7 +62,7 @@ module Aserto
61
62
  # Aserto.with_identity_mapper do |request|
62
63
  # {
63
64
  # sub: "test",
64
- # type: Aserto::Api::V1::IdentityType::IDENTITY_TYPE_NONE
65
+ # type: :none
65
66
  # }
66
67
  # end
67
68
  def with_identity_mapper
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-19 00:00:00.000000000 Z
11
+ date: 2022-07-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto-grpc-authz
@@ -156,6 +156,7 @@ files:
156
156
  - lib/aserto/auth_client.rb
157
157
  - lib/aserto/authorization.rb
158
158
  - lib/aserto/config.rb
159
+ - lib/aserto/errors.rb
159
160
  - lib/aserto/identity_mapper.rb
160
161
  - lib/aserto/identity_mapper/base.rb
161
162
  - lib/aserto/identity_mapper/jwt.rb
@@ -174,6 +175,7 @@ metadata:
174
175
  homepage_uri: https://www.aserto.com
175
176
  source_code_uri: https://github.com/aserto-dev/aserto-ruby
176
177
  changelog_uri: https://github.com/aserto-dev/aserto-ruby
178
+ documentation_uri: https://docs.aserto.com/docs/software-development-kits/ruby/middleware
177
179
  rubygems_mfa_required: 'true'
178
180
  post_install_message:
179
181
  rdoc_options: []
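Review bot: `changelog_uri` in the context lines still points at the repository root, the same value as `source_code_uri`, while this hunk adds a specific `documentation_uri`. Point `changelog_uri` at the project's changelog or releases page so consumers reviewing an upgrade can find the release notes directly from the gem metadata.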