aserto 0.20.4 → 0.20.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/aserto/auth_client.rb +34 -8
  4. data/lib/aserto/config.rb +1 -0
  5. data/lib/aserto.rb +9 -9
  6. metadata +8 -8
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 96e9f934b980519a7f6f2a737ba3f3120a255fdcaff12a9adf4b343e4b74df27
4
- data.tar.gz: 775bf4b1af000a1fed33d3dd1a86073cb8d021ca3220b941919d3ba58ce3903d
3
+ metadata.gz: dc8ec9b57f67226df562850ca0188c27b310de08b2ac716d30143c2c603b84fd
4
+ data.tar.gz: 845f1cdf67e54411d004b2a91b0a37ba02d709c949512110a8158552c67f48a3
5
5
  SHA512:
6
- metadata.gz: d25293714c54198bf6ecbfadde8fde7b99e329205a95bd56bd74691d1afafb359f086ee09a68f6c82560f45b4b5107d6405d8b24787a68b93210b1f3bbcd9fef
7
- data.tar.gz: 833aa4f4416ca12352a857557c53433e129bf80768c9d3d4df5f7ad948c48c114295d929497f3e1eb64552ba2fd64cb7e20ea229259b6fec6c7cd523a9007da4
6
+ metadata.gz: dda8391014951485e822508b064667ff3bfd649b412df436fe019fb3c351fc891bed770093bf9a4c8db6e1bf791a14ed3dd6e23f9bcb6def14e5c26b69f49745
7
+ data.tar.gz: 675b6dbcc2c38a8d094a3baa59de6c786a5ddd07ad0f8ab91975b70645f279df28bcfd856c5ec33a68664afe365d4852fcfc7599c91fbdd881b0ff50be3346c5
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.20.4
1
+ 0.20.6
data/lib/aserto/auth_client.rb CHANGED
@@ -22,26 +22,52 @@ module Aserto
22
22
  def initialize(request)
23
23
  @request = request
24
24
  @config = Aserto.config
25
- @client = Aserto::Authorizer::V2::Authorizer::Stub.new(
25
+ @client = @config.client || Aserto::Authorizer::V2::Authorizer::Stub.new(
26
26
  config.service_url,
27
27
  load_creds
28
28
  )
29
29
  end
30
30
 
31
31
  def is
32
- exec_is(config.decision)
32
+ exec_is(request_is(config.decision))
33
+ end
34
+
35
+ def check(object_id:, object_type:, relation:)
36
+ resource_context_fields = {
37
+ object_id: object_id,
38
+ object_type: object_type,
39
+ relation: relation
40
+ }.merge!(resource_context.to_h)
41
+
42
+ check_resource_context = Google::Protobuf::Struct
43
+ .from_hash(resource_context_fields.transform_keys!(&:to_s))
44
+
45
+ request = Aserto::Authorizer::V2::IsRequest.new(
46
+ {
47
+ policy_context: Aserto::Authorizer::V2::Api::PolicyContext.new(
48
+ {
49
+ path: config.policy_root ? "#{config.policy_root}.check" : "rebac.check",
50
+ decisions: [config.decision]
51
+ }
52
+ ),
53
+ policy_instance: policy_instance,
54
+ identity_context: identity_context,
55
+ resource_context: check_resource_context
56
+ }
57
+ )
58
+ exec_is(request)
33
59
  end
34
60
 
35
61
  def allowed?
36
- exec_is("allowed")
62
+ exec_is(request_is("allowed"))
37
63
  end
38
64
 
39
65
  def visible?
40
- exec_is("visible")
66
+ exec_is(request_is("visible"))
41
67
  end
42
68
 
43
69
  def enabled?
44
- exec_is("enabled")
70
+ exec_is(request_is("enabled"))
45
71
  end
46
72
 
47
73
  private
@@ -55,15 +81,15 @@ module Aserto
55
81
  end
56
82
  end
57
83
 
58
- def exec_is(decision)
84
+ def exec_is(request)
59
85
  begin
60
- response = client.is(request_is(decision), headers)
86
+ response = client.is(request, headers)
61
87
  rescue GRPC::BadStatus => e
62
88
  Aserto.logger.error(e.inspect)
63
89
  return false
64
90
  end
65
91
 
66
- decision = response.decisions.find { |el| el.decision == decision }
92
+ decision = response.decisions.find { |el| el.decision == request.policy_context.decisions[0] }
67
93
  return false unless decision
68
94
 
69
95
  decision.is
data/lib/aserto/config.rb CHANGED
@@ -26,6 +26,7 @@ module Aserto
26
26
  DEFAULT_ATTRS = {
27
27
  authorizer_api_key: "",
28
28
  tenant_id: "",
29
+ client: nil,
29
30
  service_url: "localhost:8282",
30
31
  decision: "allowed",
31
32
  disabled_for: [{}],
data/lib/aserto.rb CHANGED
@@ -52,17 +52,17 @@ module Aserto
52
52
  def with_resource_mapper
53
53
  Aserto::ResourceMapper.class_eval do |klass|
54
54
  klass.define_singleton_method(:execute) do |request|
55
- if block_given?
56
- result = yield(request)
57
- unless result.is_a?(Hash)
58
- raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
59
- end
55
+ return unless block_given?
60
56
 
61
- require "google/protobuf/well_known_types"
62
-
63
- result.transform_keys!(&:to_s)
64
- Google::Protobuf::Struct.from_hash(result)
57
+ result = yield(request)
58
+ unless result.is_a?(Hash)
59
+ raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
65
60
  end
61
+
62
+ require "google/protobuf/well_known_types"
63
+
64
+ result.transform_keys!(&:to_s)
65
+ Google::Protobuf::Struct.from_hash(result)
66
66
  end
67
67
  end
68
68
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.20.4
4
+ version: 0.20.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-29 00:00:00.000000000 Z
11
+ date: 2023-11-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto-authorizer
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.3
19
+ version: 0.20.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.3
26
+ version: 0.20.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: aserto-directory
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 0.0.2
33
+ version: 0.30.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: 0.0.2
40
+ version: 0.30.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: jwt
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -112,14 +112,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
112
112
  requirements:
113
113
  - - ">="
114
114
  - !ruby/object:Gem::Version
115
- version: 2.7.0
115
+ version: 3.0.0
116
116
  required_rubygems_version: !ruby/object:Gem::Requirement
117
117
  requirements:
118
118
  - - ">="
119
119
  - !ruby/object:Gem::Version
120
120
  version: '0'
121
121
  requirements: []
122
- rubygems_version: 3.4.10
122
+ rubygems_version: 3.3.26
123
123
  signing_key:
124
124
  specification_version: 4
125
125
  summary: Aserto Middleware