aserto 0.20.5 → 0.20.6

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/lib/aserto/auth_client.rb +34 -8
  4. data/lib/aserto/config.rb +1 -0
  5. data/lib/aserto.rb +9 -9
  6. metadata +6 -6
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7247661363785d8bcce7034a816c1d6c0d59ea054190066b599e590b140cf994
4
- data.tar.gz: f7cc418cdcf5ee823527a13ad959f4c38a53c470396a13c195eb59a298994dbe
3
+ metadata.gz: dc8ec9b57f67226df562850ca0188c27b310de08b2ac716d30143c2c603b84fd
4
+ data.tar.gz: 845f1cdf67e54411d004b2a91b0a37ba02d709c949512110a8158552c67f48a3
5
5
  SHA512:
6
- metadata.gz: d6f02241c7687ad870792af0fccde1ea326c2461a3b8535da94f2b309a4d65e2d478cf36fd7754b7b963388ae87e8bd1f38440fb33577a7ec03708fca8181424
7
- data.tar.gz: 80284a19aad72b4064a5626bbbc23aecf5c2ae0ac91066478a09f1643a97543ab5cf6c2d98523c319decd8ad097385aeb54de5705d9061813566f36e2cbd4e75
6
+ metadata.gz: dda8391014951485e822508b064667ff3bfd649b412df436fe019fb3c351fc891bed770093bf9a4c8db6e1bf791a14ed3dd6e23f9bcb6def14e5c26b69f49745
7
+ data.tar.gz: 675b6dbcc2c38a8d094a3baa59de6c786a5ddd07ad0f8ab91975b70645f279df28bcfd856c5ec33a68664afe365d4852fcfc7599c91fbdd881b0ff50be3346c5
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.20.5
1
+ 0.20.6
data/lib/aserto/auth_client.rb CHANGED
@@ -22,26 +22,52 @@ module Aserto
22
22
  def initialize(request)
23
23
  @request = request
24
24
  @config = Aserto.config
25
- @client = Aserto::Authorizer::V2::Authorizer::Stub.new(
25
+ @client = @config.client || Aserto::Authorizer::V2::Authorizer::Stub.new(
26
26
  config.service_url,
27
27
  load_creds
28
28
  )
29
29
  end
30
30
 
31
31
  def is
32
- exec_is(config.decision)
32
+ exec_is(request_is(config.decision))
33
+ end
34
+
35
+ def check(object_id:, object_type:, relation:)
36
+ resource_context_fields = {
37
+ object_id: object_id,
38
+ object_type: object_type,
39
+ relation: relation
40
+ }.merge!(resource_context.to_h)
41
+
42
+ check_resource_context = Google::Protobuf::Struct
43
+ .from_hash(resource_context_fields.transform_keys!(&:to_s))
44
+
45
+ request = Aserto::Authorizer::V2::IsRequest.new(
46
+ {
47
+ policy_context: Aserto::Authorizer::V2::Api::PolicyContext.new(
48
+ {
49
+ path: config.policy_root ? "#{config.policy_root}.check" : "rebac.check",
50
+ decisions: [config.decision]
51
+ }
52
+ ),
53
+ policy_instance: policy_instance,
54
+ identity_context: identity_context,
55
+ resource_context: check_resource_context
56
+ }
57
+ )
58
+ exec_is(request)
33
59
  end
34
60
 
35
61
  def allowed?
36
- exec_is("allowed")
62
+ exec_is(request_is("allowed"))
37
63
  end
38
64
 
39
65
  def visible?
40
- exec_is("visible")
66
+ exec_is(request_is("visible"))
41
67
  end
42
68
 
43
69
  def enabled?
44
- exec_is("enabled")
70
+ exec_is(request_is("enabled"))
45
71
  end
46
72
 
47
73
  private
@@ -55,15 +81,15 @@ module Aserto
55
81
  end
56
82
  end
57
83
 
58
- def exec_is(decision)
84
+ def exec_is(request)
59
85
  begin
60
- response = client.is(request_is(decision), headers)
86
+ response = client.is(request, headers)
61
87
  rescue GRPC::BadStatus => e
62
88
  Aserto.logger.error(e.inspect)
63
89
  return false
64
90
  end
65
91
 
66
- decision = response.decisions.find { |el| el.decision == decision }
92
+ decision = response.decisions.find { |el| el.decision == request.policy_context.decisions[0] }
67
93
  return false unless decision
68
94
 
69
95
  decision.is
data/lib/aserto/config.rb CHANGED
@@ -26,6 +26,7 @@ module Aserto
26
26
  DEFAULT_ATTRS = {
27
27
  authorizer_api_key: "",
28
28
  tenant_id: "",
29
+ client: nil,
29
30
  service_url: "localhost:8282",
30
31
  decision: "allowed",
31
32
  disabled_for: [{}],
data/lib/aserto.rb CHANGED
@@ -52,17 +52,17 @@ module Aserto
52
52
  def with_resource_mapper
53
53
  Aserto::ResourceMapper.class_eval do |klass|
54
54
  klass.define_singleton_method(:execute) do |request|
55
- if block_given?
56
- result = yield(request)
57
- unless result.is_a?(Hash)
58
- raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
59
- end
55
+ return unless block_given?
60
56
 
61
- require "google/protobuf/well_known_types"
62
-
63
- result.transform_keys!(&:to_s)
64
- Google::Protobuf::Struct.from_hash(result)
57
+ result = yield(request)
58
+ unless result.is_a?(Hash)
59
+ raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
65
60
  end
61
+
62
+ require "google/protobuf/well_known_types"
63
+
64
+ result.transform_keys!(&:to_s)
65
+ Google::Protobuf::Struct.from_hash(result)
66
66
  end
67
67
  end
68
68
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aserto
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.20.5
4
+ version: 0.20.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aserto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-06-23 00:00:00.000000000 Z
11
+ date: 2023-11-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aserto-authorizer
@@ -16,28 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: 0.0.5
19
+ version: 0.20.1
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: 0.0.5
26
+ version: 0.20.1
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: aserto-directory
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: 0.0.3
33
+ version: 0.30.0
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: 0.0.3
40
+ version: 0.30.0
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: jwt
43
43
  requirement: !ruby/object:Gem::Requirement