aserto 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 265e22aba2a89ca1da3792a7648725d785686d045cc9740eae205f4c89992c76
-  data.tar.gz: e5425ba2adb3b23f341757d9cb7babeaebf9773c5bba7e40aa506143f4506a63
+  metadata.gz: a85bdfae072c313aeb99cc709595cd5f7af5b3421bfcb9378cab65c1b3cd24ec
+  data.tar.gz: 3c77d880673ebfa56b9ad47e597a4e2d79e657521f08cc2d8f93d8d3f0bfecf5
 SHA512:
-  metadata.gz: 0cbe00e79be969233b42f548b260a763dbb06ec5d10180bdbafe5346f25c26929f3e1d16dc5a27e44e03ffea9feee1575eac05324a955b39a1876781b81856da
-  data.tar.gz: f688ba5bfc91bb5dd4d1d8a19096e4aa1e5b78a51d00d384cd288d2638b04e9eafc72d624983f06c5d2acde48ba3228ec4a8a018e57459e21876d5a5a220fd5d
+  metadata.gz: eb416ffe02aa2cb41e01e71589f059889002fbfcbedef3c7a53ea621c742d482f2fbeb1c6655958514128b574c876d9899183855de0cb42ce0be76c685e374bc
+  data.tar.gz: 0e1b38f26f94c81acf25bc67177c5fba47f25b057d717e995723ad8c7160fd01cd3c4cf8fc6ddc6f7a802f5279a94f567621b63118e9b4dc6f8ac3d3f5a5eec8

data/VERSION

@@ -1 +1 @@
-0.0.2
+0.0.3

data/lib/aserto/auth_client.rb

@@ -29,17 +29,27 @@ module Aserto
     end
 
     def is
-      is_request = Aserto::Authorizer::Authorizer::V1::IsRequest.new(
-        {
-          policy_context: policy_context,
-          identity_context: identity_context,
-          resource_context: resource_context
-        }
-      )
+      exec_is(config.decision)
+    end
+
+    def allowed?
+      exec_is("allowed")
+    end
+
+    def visible?
+      exec_is("visible")
+    end
+
+    def enabled?
+      exec_is("enabled")
+    end
 
+    private
+
+    def exec_is(decision)
       begin
         response = client.is(
-          is_request, { metadata: {
+          request_is(decision), { metadata: {
             "aserto-tenant-id": config.tenant_id,
             authorization: "basic #{config.authorizer_api_key}"
           } }
@@ -48,12 +58,24 @@ module Aserto
         Aserto.logger.error(e.inspect)
         false
       end
-      response.to_h.dig(:decisions, 0, :is) || false
+
+      decision = response.decisions.find { |el| el.decision == decision }
+      return false unless decision
+
+      decision.is
     end
 
-    private
+    def request_is(decision)
+      Aserto::Authorizer::Authorizer::V1::IsRequest.new(
+        {
+          policy_context: policy_context(decision),
+          identity_context: identity_context,
+          resource_context: resource_context
+        }
+      )
+    end
 
-    def policy_context
+    def policy_context(decision)
       path = Aserto::PolicyPathMapper.execute(config.policy_root, request)
       Aserto.logger.debug "aserto authorizing: #{path}"
 
@@ -61,7 +83,7 @@ module Aserto
         {
           id: config.policy_id,
           path: path,
-          decisions: [config.decision]
+          decisions: [decision]
         }
       )
     end

data/lib/aserto/authorization.rb

@@ -16,13 +16,14 @@ module Aserto
       allowed = if enabled?(request)
                   Aserto.logger.debug("Aserto authorization enabled")
                   client = Aserto::AuthClient.new(request)
-                  client.is
+                  res = client.is
+                  Aserto.logger.debug("Aserto authorization result -> allowed: #{res}")
+                  res
                 else
                   Aserto.logger.debug("Aserto authorization not enabled")
                   true
                 end
 
-      Aserto.logger.debug("Aserto authorization result -> allowed: #{allowed}")
       return @app.call env if allowed
 
       config.on_unauthorized.call(env)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Aserto
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-07-21 00:00:00.000000000 Z
+date: 2022-07-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aserto-grpc-authz