aserto 0.0.2 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/aserto/auth_client.rb +35 -13
  4. data/lib/aserto/authorization.rb +3 -2
  5. data/lib/aserto/errors.rb +1 -0
  6. data/lib/aserto.rb +11 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 265e22aba2a89ca1da3792a7648725d785686d045cc9740eae205f4c89992c76
4
- data.tar.gz: e5425ba2adb3b23f341757d9cb7babeaebf9773c5bba7e40aa506143f4506a63
3
+ metadata.gz: e68ebb38114ba76d726e65f348946433c1ab94a18fcc20a3b41c00d07bf4b738
4
+ data.tar.gz: 9ed57062704dcc6a3b220dcb53140b8c474794b6af887ea2f5bbbc1611b04baf
5
5
  SHA512:
6
- metadata.gz: 0cbe00e79be969233b42f548b260a763dbb06ec5d10180bdbafe5346f25c26929f3e1d16dc5a27e44e03ffea9feee1575eac05324a955b39a1876781b81856da
7
- data.tar.gz: f688ba5bfc91bb5dd4d1d8a19096e4aa1e5b78a51d00d384cd288d2638b04e9eafc72d624983f06c5d2acde48ba3228ec4a8a018e57459e21876d5a5a220fd5d
6
+ metadata.gz: '03397de5e0773e962c6503ac01e9f8e312e2ab16d9e2642cbdc10965167e1bbb21500a17cede64fabc16757e3b890abaaaf229154b5059292a3fea5eb950747b'
7
+ data.tar.gz: 91f2df019a74bf1eb58e37580efc70c4479f38eb31a01762fe7fc5c70373444ea5525d8656dfa14a7d8cf789d417789597ff75a0ab54fa4bbd98dc273bb6216c
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.2
1
+ 0.0.5
data/lib/aserto/auth_client.rb CHANGED
@@ -29,31 +29,53 @@ module Aserto
29
29
  end
30
30
 
31
31
  def is
32
- is_request = Aserto::Authorizer::Authorizer::V1::IsRequest.new(
33
- {
34
- policy_context: policy_context,
35
- identity_context: identity_context,
36
- resource_context: resource_context
37
- }
38
- )
32
+ exec_is(config.decision)
33
+ end
34
+
35
+ def allowed?
36
+ exec_is("allowed")
37
+ end
38
+
39
+ def visible?
40
+ exec_is("visible")
41
+ end
42
+
43
+ def enabled?
44
+ exec_is("enabled")
45
+ end
39
46
 
47
+ private
48
+
49
+ def exec_is(decision)
40
50
  begin
41
51
  response = client.is(
42
- is_request, { metadata: {
52
+ request_is(decision), { metadata: {
43
53
  "aserto-tenant-id": config.tenant_id,
44
54
  authorization: "basic #{config.authorizer_api_key}"
45
55
  } }
46
56
  )
47
57
  rescue GRPC::BadStatus => e
48
58
  Aserto.logger.error(e.inspect)
49
- false
59
+ return false
50
60
  end
51
- response.to_h.dig(:decisions, 0, :is) || false
61
+
62
+ decision = response.decisions.find { |el| el.decision == decision }
63
+ return false unless decision
64
+
65
+ decision.is
52
66
  end
53
67
 
54
- private
68
+ def request_is(decision)
69
+ Aserto::Authorizer::Authorizer::V1::IsRequest.new(
70
+ {
71
+ policy_context: policy_context(decision),
72
+ identity_context: identity_context,
73
+ resource_context: resource_context
74
+ }
75
+ )
76
+ end
55
77
 
56
- def policy_context
78
+ def policy_context(decision)
57
79
  path = Aserto::PolicyPathMapper.execute(config.policy_root, request)
58
80
  Aserto.logger.debug "aserto authorizing: #{path}"
59
81
 
@@ -61,7 +83,7 @@ module Aserto
61
83
  {
62
84
  id: config.policy_id,
63
85
  path: path,
64
- decisions: [config.decision]
86
+ decisions: [decision]
65
87
  }
66
88
  )
67
89
  end
data/lib/aserto/authorization.rb CHANGED
@@ -16,13 +16,14 @@ module Aserto
16
16
  allowed = if enabled?(request)
17
17
  Aserto.logger.debug("Aserto authorization enabled")
18
18
  client = Aserto::AuthClient.new(request)
19
- client.is
19
+ res = client.is
20
+ Aserto.logger.debug("Aserto authorization result -> allowed: #{res}")
21
+ res
20
22
  else
21
23
  Aserto.logger.debug("Aserto authorization not enabled")
22
24
  true
23
25
  end
24
26
 
25
- Aserto.logger.debug("Aserto authorization result -> allowed: #{allowed}")
26
27
  return @app.call env if allowed
27
28
 
28
29
  config.on_unauthorized.call(env)
data/lib/aserto/errors.rb CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  module Aserto
4
4
  class Error < StandardError; end
5
+ class InvalidResourceMapping < Error; end
5
6
 
6
7
  class AccessDenied < Error
7
8
  attr_reader :action, :conditions
data/lib/aserto.rb CHANGED
@@ -51,7 +51,17 @@ module Aserto
51
51
  def with_resource_mapper
52
52
  Aserto::ResourceMapper.class_eval do |klass|
53
53
  klass.define_singleton_method(:execute) do |request|
54
- yield(request) if block_given?
54
+ if block_given?
55
+ result = yield(request)
56
+ unless result.is_a?(Hash)
57
+ raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
58
+ end
59
+
60
+ require "google/protobuf/well_known_types"
61
+
62
+ result.transform_keys!(&:to_s)
63
+ Google::Protobuf::Struct.from_hash(result)
64
+ end
55
65
  end
56
66
  end
57
67
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.2
4
+ version: 0.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-07-21 00:00:00.000000000 Z
11
+ date: 2022-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto-grpc-authz