aserto 0.0.2 → 0.0.5

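--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 265e22aba2a89ca1da3792a7648725d785686d045cc9740eae205f4c89992c76
- data.tar.gz: e5425ba2adb3b23f341757d9cb7babeaebf9773c5bba7e40aa506143f4506a63
+ metadata.gz: e68ebb38114ba76d726e65f348946433c1ab94a18fcc20a3b41c00d07bf4b738
+ data.tar.gz: 9ed57062704dcc6a3b220dcb53140b8c474794b6af887ea2f5bbbc1611b04baf
  SHA512:
- metadata.gz: 0cbe00e79be969233b42f548b260a763dbb06ec5d10180bdbafe5346f25c26929f3e1d16dc5a27e44e03ffea9feee1575eac05324a955b39a1876781b81856da
- data.tar.gz: f688ba5bfc91bb5dd4d1d8a19096e4aa1e5b78a51d00d384cd288d2638b04e9eafc72d624983f06c5d2acde48ba3228ec4a8a018e57459e21876d5a5a220fd5d
+ metadata.gz: '03397de5e0773e962c6503ac01e9f8e312e2ab16d9e2642cbdc10965167e1bbb21500a17cede64fabc16757e3b890abaaaf229154b5059292a3fea5eb950747b'
+ data.tar.gz: 91f2df019a74bf1eb58e37580efc70c4479f38eb31a01762fe7fc5c70373444ea5525d8656dfa14a7d8cf789d417789597ff75a0ab54fa4bbd98dc273bb6216c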
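--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.0.2
+ 0.0.5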
@@ -29,31 +29,53 @@ module Aserto
29
29
  end
30
30
 
31
31
  def is
32
- is_request = Aserto::Authorizer::Authorizer::V1::IsRequest.new(
33
- {
34
- policy_context: policy_context,
35
- identity_context: identity_context,
36
- resource_context: resource_context
37
- }
38
- )
32
+ exec_is(config.decision)
33
+ end
34
+
35
+ def allowed?
36
+ exec_is("allowed")
37
+ end
38
+
39
+ def visible?
40
+ exec_is("visible")
41
+ end
42
+
43
+ def enabled?
44
+ exec_is("enabled")
45
+ end
39
46
 
47
+ private
48
+
49
+ def exec_is(decision)
40
50
  begin
41
51
  response = client.is(
42
- is_request, { metadata: {
52
+ request_is(decision), { metadata: {
43
53
  "aserto-tenant-id": config.tenant_id,
44
54
  authorization: "basic #{config.authorizer_api_key}"
45
55
  } }
46
56
  )
47
57
  rescue GRPC::BadStatus => e
48
58
  Aserto.logger.error(e.inspect)
49
- false
59
+ return false
50
60
  end
51
- response.to_h.dig(:decisions, 0, :is) || false
61
+
62
+ decision = response.decisions.find { |el| el.decision == decision }
63
+ return false unless decision
64
+
65
+ decision.is
52
66
  end
53
67
 
54
- private
68
+ def request_is(decision)
69
+ Aserto::Authorizer::Authorizer::V1::IsRequest.new(
70
+ {
71
+ policy_context: policy_context(decision),
72
+ identity_context: identity_context,
73
+ resource_context: resource_context
74
+ }
75
+ )
76
+ end
55
77
 
56
- def policy_context
78
+ def policy_context(decision)
57
79
  path = Aserto::PolicyPathMapper.execute(config.policy_root, request)
58
80
  Aserto.logger.debug "aserto authorizing: #{path}"
59
81
 
@@ -61,7 +83,7 @@ module Aserto
61
83
  {
62
84
  id: config.policy_id,
63
85
  path: path,
64
- decisions: [config.decision]
86
+ decisions: [decision]
65
87
  }
66
88
  )
67
89
  end
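Review bot: In `exec_is`, the line `decision = response.decisions.find { |el| el.decision == decision }` rebinds the `decision` parameter to the matched response entry while the block on the same line still compares against the requested name. It works only because the block finishes before the assignment takes effect; a later edit that reads `decision` below that line (in a log message, for instance) would see the response object instead of the decision name. A separate local keeps the authorization result unambiguous: `match = response.decisions.find { |el| el.decision == decision }` followed by `match ? match.is : false`. The deny-by-default behaviour also deserves a comment above `exec_is`, such as `# Returns false (deny) on GRPC::BadStatus or when the response lacks the requested decision.` The enclosing class begins outside this hunk.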
@@ -16,13 +16,14 @@ module Aserto
16
16
  allowed = if enabled?(request)
17
17
  Aserto.logger.debug("Aserto authorization enabled")
18
18
  client = Aserto::AuthClient.new(request)
19
- client.is
19
+ res = client.is
20
+ Aserto.logger.debug("Aserto authorization result -> allowed: #{res}")
21
+ res
20
22
  else
21
23
  Aserto.logger.debug("Aserto authorization not enabled")
22
24
  true
23
25
  end
24
26
 
25
- Aserto.logger.debug("Aserto authorization result -> allowed: #{allowed}")
26
27
  return @app.call env if allowed
27
28
 
28
29
  config.on_unauthorized.call(env)
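Review bot: The outcome of the authorizer call is recorded only at debug level (`Aserto.logger.debug("Aserto authorization result -> allowed: #{res}")`), so at a typical production log level a denied request leaves no trace from this middleware. If denials are meant to be auditable, log them at a higher level, for example `Aserto.logger.info("Aserto authorization denied") unless res`, assuming the configured logger exposes `info`. The `else` branch still returns `true` when authorization is not enabled, and that bypass is likewise visible only at debug. The enclosing method starts outside this hunk, so logging done earlier in it cannot be seen here.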
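--- a/data/lib/aserto/errors.rb
+++ b/data/lib/aserto/errors.rb
@@ -2,6 +2,7 @@
 
  module Aserto
  class Error < StandardError; end
+ class InvalidResourceMapping < Error; end
 
  class AccessDenied < Error
  attr_reader :action, :conditions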
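--- a/data/lib/aserto.rb
+++ b/data/lib/aserto.rb
@@ -51,7 +51,17 @@ module Aserto
  def with_resource_mapper
  Aserto::ResourceMapper.class_eval do |klass|
  klass.define_singleton_method(:execute) do |request|
- yield(request) if block_given?
+ if block_given?
+ result = yield(request)
+ unless result.is_a?(Hash)
+ raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
+ end
+
+ require "google/protobuf/well_known_types"
+
+ result.transform_keys!(&:to_s)
+ Google::Protobuf::Struct.from_hash(result)
+ end
  end
  end
  end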
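Review bot: `result.transform_keys!(&:to_s)` rewrites the hash returned by the application's block in place, so a block that hands back a frozen or shared hash (a constant, a memoized value) either raises `FrozenError` or has its keys changed for every other holder of that object. Converting a copy avoids both: `Google::Protobuf::Struct.from_hash(result.transform_keys(&:to_s))`. Only top-level keys are stringified; nested hashes with symbol keys pass through unchanged and would presumably be rejected inside `Struct.from_hash` with a protobuf error instead of `Aserto::InvalidResourceMapping`. The `require "google/protobuf/well_known_types"` is evaluated on every `execute` call and would read better at the top of the file.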
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-21 00:00:00.000000000 Z
11
+ date: 2022-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto-grpc-authz