aserto 0.30.0 → 0.30.4
- checksums.yaml +4 -4
- data/README.md +8 -8
- data/VERSION +1 -1
- data/lib/aserto/auth_client.rb +1 -1
- data/lib/aserto/config.rb +1 -1
- data/lib/aserto/directory/client.rb +15 -118
- data/lib/aserto/directory/errors.rb +4 -0
- data/lib/aserto/directory/v2/client.rb +145 -0
- data/lib/aserto/directory/v3/client.rb +2 -1
- data/lib/aserto/directory/v3/config.rb +16 -9
- data/lib/aserto/directory/v3/importer.rb +9 -3
- data/lib/aserto/directory/v3/reader.rb +11 -11
- data/lib/aserto/directory/v3/writer.rb +8 -8
- metadata +5 -3
- /data/lib/aserto/directory/{requests.rb → v2/requests.rb} +0 -0
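--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f6f6d7ede8c8254ea3a7660948f01f70ec2d59d1328676c6e479bfe4e79a2305
+data.tar.gz: b2314cab25c484a0c7b48254869210f11c386084bdeb2cb0a37b2024dee8716f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 65c36aee8d336be3016bf70ee95bd44d8ddc74d06fc1a7c0f9cc51ddff8f5a65b8282cc1160e2a6d0389be5eafaa7c2ce51fb61ce84bb9d0297cfdb6865bde2c
+data.tar.gz: c27fba66e09a55b63060f93596080f89eb3cdb5ee38eed73ca101ae491528abc7688a2e82879c58d187729d6ee9c3c4108b1e09c35aa7450096e8ed8d5ac7a08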
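--- a/data/README.md
+++ b/data/README.md
@@ -23,7 +23,7 @@ gem install aserto
 
 ## Directory
 
-The Directory APIs can be used to get or set object instances and relation instances. They can also be used to check whether a user has
+The Directory APIs can be used to get or set object instances and relation instances. They can also be used to check whether a user has permission or relation on an object instance.
 
 ### Directory Client
 
@@ -32,7 +32,7 @@ You can initialize a directory client as follows:
 ```ruby
 require 'aserto/directory/client'
 
-directory_client =Aserto::Directory::V3::Client.new(
+directory_client = Aserto::Directory::V3::Client.new(
 url: "directory.eng.aserto.com:8443",
 tenant_id: "aserto-tenant-id",
 api_key: "basic directory api key",
@@ -42,15 +42,15 @@ directory_client =Aserto::Directory::V3::Client.new(
 - `url`: hostname:port of directory service (_required_)
 - `api_key`: API key for directory service (_required_ if using hosted directory)
 - `tenant_id`: Aserto tenant ID (_required_ if using hosted directory)
-- `cert_path`: Path to the grpc service certificate when connecting to local topaz instance.
+- `cert_path`: Path to the grpc service certificate when connecting to the local topaz instance.
 
-See https://rubydoc.info/gems/aserto/
+See [Aserto::Directory::V3::Client](https://rubydoc.info/gems/aserto/Aserto/Directory/V3/Client) for full documentation
 
 ## Authorizer
 `Aserto::Authorization` is a middleware that allows Ruby applications to use Aserto as the Authorization provider.
 
 ### Prerequisites
-* [Ruby](https://www.ruby-lang.org/en/downloads/)
+* [Ruby](https://www.ruby-lang.org/en/downloads/) 3.0 or newer.
 * An [Aserto](https://console.aserto.com) account.
 
 ### Configuration
@@ -120,7 +120,7 @@ end
 By default, when computing the policy path, the middleware:
 * converts all slashes to dots
 * converts any character that is not alpha, digit, dot or underscore to underscore
-* converts uppercase characters in the URL path to
+* converts uppercase characters in the URL path to lowercase
 
 This behaviour can be overwritten by providing a custom function:
 
@@ -136,7 +136,7 @@ end
 ```
 
 ### Resource
-A resource can be any structured data
+A resource can be any structured data the authorization policy uses to evaluate decisions. By default, middleware does not include a resource in authorization calls.
 
 This behaviour can be overwritten by providing a custom function:
 
@@ -244,7 +244,7 @@ end
 Prerequisites:
 
 - go >= 1.17 to run mage
-- Ruby >=
+- Ruby >= 3.0 to run the code
 
 
 Run `bundle install` to install dependencies. Then, run `bundle exec rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.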
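--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.30.
+0.30.4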
data/lib/aserto/auth_client.rb
CHANGED
data/lib/aserto/config.rb
CHANGED
@@ -1,14 +1,10 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
require_relative "interceptors/headers"
|
5
|
-
require_relative "requests"
|
3
|
+
require_relative "v2/client"
|
6
4
|
|
7
5
|
module Aserto
|
8
6
|
module Directory
|
9
7
|
class Client
|
10
|
-
include Requests
|
11
|
-
|
12
8
|
# Creates a new Directory Client
|
13
9
|
#
|
14
10
|
# @param url [String] the gRpc url of the directory server
|
@@ -17,127 +13,28 @@ module Aserto
|
|
17
13
|
# @param cert_path [String] the path to the certificates folder
|
18
14
|
#
|
19
15
|
# @return [Aserto::Directory::Client] the new Directory Client
|
20
|
-
def initialize(url: "directory.prod.aserto.com:8443", api_key: nil, tenant_id: nil, cert_path: nil)
|
21
|
-
@reader_client = ::Aserto::Directory::Reader::V2::Reader::Stub.new(
|
22
|
-
url,
|
23
|
-
load_creds(cert_path),
|
24
|
-
interceptors: [Interceptors::Headers.new(api_key, tenant_id)]
|
25
|
-
)
|
26
|
-
@writer_client = ::Aserto::Directory::Writer::V2::Writer::Stub.new(
|
27
|
-
url,
|
28
|
-
load_creds(cert_path),
|
29
|
-
interceptors: [Interceptors::Headers.new(api_key, tenant_id)]
|
30
|
-
)
|
31
|
-
end
|
32
|
-
|
33
|
-
# Check permissions
|
34
|
-
#
|
35
|
-
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
36
|
-
# @param permission [String] permission name to be checked
|
37
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
38
|
-
# @param trace [Boolean] whether to enable tracing
|
39
|
-
#
|
40
|
-
# @return [Boolean]
|
41
|
-
def check_permission(subject:, permission:, object:, trace: false)
|
42
|
-
reader_client.check_permission(check_permission_request(subject, permission, object, trace))
|
43
|
-
end
|
44
|
-
|
45
|
-
# Check relation
|
46
|
-
#
|
47
|
-
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
48
|
-
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier] relation name to be checked
|
49
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
50
|
-
# @param trace [Boolean] whether to enable tracing
|
51
|
-
#
|
52
|
-
# @return [Boolean]
|
53
|
-
def check_relation(subject:, relation:, object:, trace: false)
|
54
|
-
reader_client.check_relation(check_relation_request(subject, relation, object, trace))
|
55
|
-
end
|
56
|
-
|
57
|
-
# Get an object by type and key
|
58
|
-
#
|
59
|
-
# @param type [String] the type of object
|
60
|
-
# @param key [String] the key of the object
|
61
|
-
#
|
62
|
-
# @return [::Aserto::Directory::Common::V2::Object]
|
63
|
-
def object(type:, key:)
|
64
|
-
reader_client.get_object(object_request(key, type)).result
|
65
|
-
end
|
66
|
-
|
67
|
-
# Set an object
|
68
|
-
#
|
69
|
-
# @param object [::Aserto::Directory::Common::V2::Object]
|
70
|
-
#
|
71
|
-
# @return [::Aserto::Directory::Common::V2::Object] the created/updated object
|
72
|
-
def set_object(object:)
|
73
|
-
writer_client.set_object(new_object_request(object)).result
|
74
|
-
end
|
75
|
-
|
76
|
-
# Get a list of objects by type
|
77
|
-
#
|
78
|
-
# @param type [String] the type of objects
|
79
|
-
# @param page [::Aserto::Directory::Common::V2::PaginationRequest]
|
80
|
-
#
|
81
|
-
# @return [Array<::Aserto::Directory::Common::V2::Object>]
|
82
|
-
def objects(type:, page: nil)
|
83
|
-
reader_client.get_objects(objects_request(type, page)).results
|
84
|
-
end
|
85
16
|
|
86
|
-
|
87
|
-
|
88
|
-
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
89
|
-
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
90
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
91
|
-
#
|
92
|
-
# @return [::Aserto::Directory::Common::V2::Relation]
|
93
|
-
def relation(subject: nil, relation: nil, object: nil)
|
94
|
-
reader_client.get_relation(relation_request(subject, relation, object)).results
|
95
|
-
end
|
17
|
+
def initialize(url: "directory.prod.aserto.com:8443", api_key: nil, tenant_id: nil, cert_path: nil)
|
18
|
+
warn WARN_MESSAGE
|
96
19
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
101
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
102
|
-
#
|
103
|
-
# @return [Array<::Aserto::Directory::Common::V2::Relation>]
|
104
|
-
def relations(subject: nil, relation: nil, object: nil, page: nil)
|
105
|
-
reader_client.get_relations(relations_request(subject, relation, object, page)).results
|
20
|
+
@v2_client = Aserto::Directory::V2::Client.new(
|
21
|
+
url: url, api_key: api_key, tenant_id: tenant_id, cert_path: cert_path
|
22
|
+
)
|
106
23
|
end
|
107
24
|
|
108
|
-
|
109
|
-
|
110
|
-
# @param relation [String] name of the relation
|
111
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
112
|
-
# @param hash [String] hash of the relation(required for updating a relation)
|
113
|
-
#
|
114
|
-
# @return [::Aserto::Directory::Common::V2::Relation] the created/updated relation
|
115
|
-
def set_relation(subject:, relation:, object:, hash: nil)
|
116
|
-
writer_client.set_relation(new_relation_request(subject, relation, object, hash)).result
|
25
|
+
def method_missing(method, args)
|
26
|
+
@v2_client.send(method, **args)
|
117
27
|
end
|
118
28
|
|
119
|
-
|
120
|
-
|
121
|
-
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
122
|
-
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
123
|
-
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
124
|
-
#
|
125
|
-
# @return nil
|
126
|
-
def delete_relation(subject:, relation:, object:)
|
127
|
-
writer_client.delete_relation(delete_relation_request(subject, relation, object))
|
29
|
+
def respond_to_missing?(_name, _include_private)
|
30
|
+
true
|
128
31
|
end
|
129
32
|
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
if cert_path && File.file?(cert_path)
|
136
|
-
GRPC::Core::ChannelCredentials.new(File.read(cert_path))
|
137
|
-
else
|
138
|
-
GRPC::Core::ChannelCredentials.new
|
139
|
-
end
|
140
|
-
end
|
33
|
+
WARN_MESSAGE = <<~TEXT
|
34
|
+
Aserto::Directory::Client is deprecated and will be removed.
|
35
|
+
Use Aserto::Directory::V3::Client for the latest Directory Client.
|
36
|
+
If you need Directory V2, use Aserto::Directory::V2::Client
|
37
|
+
TEXT
|
141
38
|
end
|
142
39
|
end
|
143
40
|
end
|
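Review bot: `method_missing` delegates with `@v2_client.send(method, **args)`, and `send` ignores visibility, so private members of the V2 client such as `reader_client` and `writer_client` become callable through this deprecated wrapper; `public_send` would keep the delegation to the public API. The fixed `(method, args)` signature also means a call with no arguments fails with an arity error and a block is dropped, which `def method_missing(method, *args, **kwargs, &block)` forwarding to `@v2_client.public_send(method, *args, **kwargs, &block)` would avoid. `respond_to_missing?` returns `true` for every name, so `respond_to?` reports methods that do not exist; `@v2_client.respond_to?(name, include_private)` would answer accurately.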
@@ -0,0 +1,145 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "aserto/directory"
|
4
|
+
require_relative "../interceptors/headers"
|
5
|
+
require_relative "requests"
|
6
|
+
|
7
|
+
module Aserto
|
8
|
+
module Directory
|
9
|
+
module V2
|
10
|
+
class Client
|
11
|
+
include Requests
|
12
|
+
|
13
|
+
# Creates a new Directory V2 Client
|
14
|
+
#
|
15
|
+
# @param url [String] the gRpc url of the directory server
|
16
|
+
# @param api_key [String] the api key of the directory server(for hosted directory)
|
17
|
+
# @param tenant_id [String] the tenant id of the directory server(for hosted directory)
|
18
|
+
# @param cert_path [String] the path to the certificates folder
|
19
|
+
#
|
20
|
+
# @return [Aserto::Directory::V2::Client] the new Directory Client
|
21
|
+
def initialize(url: "directory.prod.aserto.com:8443", api_key: nil, tenant_id: nil, cert_path: nil)
|
22
|
+
@reader_client = ::Aserto::Directory::Reader::V2::Reader::Stub.new(
|
23
|
+
url,
|
24
|
+
load_creds(cert_path),
|
25
|
+
interceptors: [Interceptors::Headers.new(api_key, tenant_id)]
|
26
|
+
)
|
27
|
+
@writer_client = ::Aserto::Directory::Writer::V2::Writer::Stub.new(
|
28
|
+
url,
|
29
|
+
load_creds(cert_path),
|
30
|
+
interceptors: [Interceptors::Headers.new(api_key, tenant_id)]
|
31
|
+
)
|
32
|
+
end
|
33
|
+
|
34
|
+
# Check permissions
|
35
|
+
#
|
36
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
37
|
+
# @param permission [String] permission name to be checked
|
38
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
39
|
+
# @param trace [Boolean] whether to enable tracing
|
40
|
+
#
|
41
|
+
# @return [Boolean]
|
42
|
+
def check_permission(subject:, permission:, object:, trace: false)
|
43
|
+
reader_client.check_permission(check_permission_request(subject, permission, object, trace))
|
44
|
+
end
|
45
|
+
|
46
|
+
# Check relation
|
47
|
+
#
|
48
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
49
|
+
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier] relation name to be checked
|
50
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
51
|
+
# @param trace [Boolean] whether to enable tracing
|
52
|
+
#
|
53
|
+
# @return [Boolean]
|
54
|
+
def check_relation(subject:, relation:, object:, trace: false)
|
55
|
+
reader_client.check_relation(check_relation_request(subject, relation, object, trace))
|
56
|
+
end
|
57
|
+
|
58
|
+
# Get an object by type and key
|
59
|
+
#
|
60
|
+
# @param type [String] the type of object
|
61
|
+
# @param key [String] the key of the object
|
62
|
+
#
|
63
|
+
# @return [::Aserto::Directory::Common::V2::Object]
|
64
|
+
def object(type:, key:)
|
65
|
+
reader_client.get_object(object_request(key, type)).result
|
66
|
+
end
|
67
|
+
|
68
|
+
# Set an object
|
69
|
+
#
|
70
|
+
# @param object [::Aserto::Directory::Common::V2::Object]
|
71
|
+
#
|
72
|
+
# @return [::Aserto::Directory::Common::V2::Object] the created/updated object
|
73
|
+
def set_object(object:)
|
74
|
+
writer_client.set_object(new_object_request(object)).result
|
75
|
+
end
|
76
|
+
|
77
|
+
# Get a list of objects by type
|
78
|
+
#
|
79
|
+
# @param type [String] the type of objects
|
80
|
+
# @param page [::Aserto::Directory::Common::V2::PaginationRequest]
|
81
|
+
#
|
82
|
+
# @return [Array<::Aserto::Directory::Common::V2::Object>]
|
83
|
+
def objects(type:, page: nil)
|
84
|
+
reader_client.get_objects(objects_request(type, page)).results
|
85
|
+
end
|
86
|
+
|
87
|
+
# Get a relation
|
88
|
+
#
|
89
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
90
|
+
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
91
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
92
|
+
#
|
93
|
+
# @return [::Aserto::Directory::Common::V2::Relation]
|
94
|
+
def relation(subject: nil, relation: nil, object: nil)
|
95
|
+
reader_client.get_relation(relation_request(subject, relation, object)).results
|
96
|
+
end
|
97
|
+
|
98
|
+
# Get a list of relations
|
99
|
+
#
|
100
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
101
|
+
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
102
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
103
|
+
#
|
104
|
+
# @return [Array<::Aserto::Directory::Common::V2::Relation>]
|
105
|
+
def relations(subject: nil, relation: nil, object: nil, page: nil)
|
106
|
+
reader_client.get_relations(relations_request(subject, relation, object, page)).results
|
107
|
+
end
|
108
|
+
|
109
|
+
# Set a relation
|
110
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
111
|
+
# @param relation [String] name of the relation
|
112
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
113
|
+
# @param hash [String] hash of the relation(required for updating a relation)
|
114
|
+
#
|
115
|
+
# @return [::Aserto::Directory::Common::V2::Relation] the created/updated relation
|
116
|
+
def set_relation(subject:, relation:, object:, hash: nil)
|
117
|
+
writer_client.set_relation(new_relation_request(subject, relation, object, hash)).result
|
118
|
+
end
|
119
|
+
|
120
|
+
# Delete a relation
|
121
|
+
#
|
122
|
+
# @param subject [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
123
|
+
# @param relation [::Aserto::Directory::Common::V2::RelationTypeIdentifier]
|
124
|
+
# @param object [::Aserto::Directory::Common::V2::ObjectIdentifier]
|
125
|
+
#
|
126
|
+
# @return nil
|
127
|
+
def delete_relation(subject:, relation:, object:)
|
128
|
+
writer_client.delete_relation(delete_relation_request(subject, relation, object))
|
129
|
+
end
|
130
|
+
|
131
|
+
private
|
132
|
+
|
133
|
+
attr_reader :reader_client, :writer_client
|
134
|
+
|
135
|
+
def load_creds(cert_path)
|
136
|
+
if cert_path && File.file?(cert_path)
|
137
|
+
GRPC::Core::ChannelCredentials.new(File.read(cert_path))
|
138
|
+
else
|
139
|
+
GRPC::Core::ChannelCredentials.new
|
140
|
+
end
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
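Review bot: `load_creds` falls back to `GRPC::Core::ChannelCredentials.new` whenever `cert_path` is given but `File.file?(cert_path)` is false, so a mistyped or missing certificate path silently replaces the caller's chosen certificate with the library defaults. A caller who passed `cert_path` should see that fail, for example with `raise ArgumentError, "cert_path not found: #{cert_path}" if cert_path && !File.file?(cert_path)` ahead of the branch. Separately, `relation` is documented as `@return [::Aserto::Directory::Common::V2::Relation]` but returns `.results`, so either the doc comment or the call should be aligned.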
@@ -8,6 +8,7 @@ require_relative "writer"
|
|
8
8
|
require_relative "model"
|
9
9
|
require_relative "importer"
|
10
10
|
require_relative "exporter"
|
11
|
+
require_relative "../errors"
|
11
12
|
|
12
13
|
module Aserto
|
13
14
|
module Directory
|
@@ -77,7 +78,7 @@ module Aserto
|
|
77
78
|
end
|
78
79
|
|
79
80
|
def method_missing(method, *_args)
|
80
|
-
|
81
|
+
raise ConfigError, "Cannot call '#{method}': '#{@name.to_s.capitalize}' client is not initialized."
|
81
82
|
end
|
82
83
|
|
83
84
|
def respond_to_missing?(_name, _include_private)
|
@@ -10,7 +10,7 @@ module Aserto
|
|
10
10
|
|
11
11
|
def initialize(config)
|
12
12
|
@base = {
|
13
|
-
url: config[:url]
|
13
|
+
url: config[:url],
|
14
14
|
api_key: config[:api_key],
|
15
15
|
tenant_id: config[:tenant_id],
|
16
16
|
cert_path: config[:cert_path]
|
@@ -28,6 +28,8 @@ module Aserto
|
|
28
28
|
class BaseConfig
|
29
29
|
attr_reader :url, :credentials, :interceptors
|
30
30
|
|
31
|
+
DEFAULT_DIRECTORY_URL = "directory.prod.aserto.com:8443"
|
32
|
+
|
31
33
|
def initialize(url, credentials, interceptors)
|
32
34
|
@url = url
|
33
35
|
@credentials = credentials
|
@@ -35,16 +37,21 @@ module Aserto
|
|
35
37
|
end
|
36
38
|
end
|
37
39
|
|
38
|
-
def build(
|
39
|
-
|
40
|
-
api_key: @base[:api_key],
|
41
|
-
tenant_id: @base[:tenant_id],
|
42
|
-
cert_path: @base[:cert_path]
|
43
|
-
)
|
40
|
+
def build(url: nil, api_key: @base[:api_key], tenant_id: @base[:tenant_id], cert_path: @base[:cert_path])
|
41
|
+
return unless valid_config?(@base, { url: url, api_key: api_key, tenant_id: tenant_id })
|
44
42
|
|
45
|
-
interceptors = []
|
46
43
|
interceptors = [Interceptors::Headers.new(api_key, tenant_id)] if !api_key.nil? && !tenant_id.nil?
|
47
|
-
BaseConfig.new(
|
44
|
+
BaseConfig.new(
|
45
|
+
url || @base[:url] || BaseConfig::DEFAULT_DIRECTORY_URL,
|
46
|
+
load_creds(cert_path),
|
47
|
+
interceptors || []
|
48
|
+
)
|
49
|
+
end
|
50
|
+
|
51
|
+
def valid_config?(config, fallback)
|
52
|
+
!(config[:url].nil? && fallback[:url].nil?) ||
|
53
|
+
((!config[:api_key].nil? || !fallback[:api_key].nil?) &&
|
54
|
+
(!config[:tenant_id].nil? || !fallback[:tenant_id].nil?))
|
48
55
|
end
|
49
56
|
|
50
57
|
def load_creds(cert_path)
|
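Review bot: In `build`, the header interceptor is attached only when both `api_key` and `tenant_id` are non-nil, while `valid_config?` is already satisfied by a URL alone, so a config that supplies a URL and only one of the two credentials produces a client that sends no credential headers and reports nothing. If that combination is never valid, failing at build time would surface it, e.g. `raise ConfigError, "api_key and tenant_id must be set together" if api_key.nil? ^ tenant_id.nil?` (assuming the `ConfigError` used in v3/client.rb is in scope here). The checks use `nil?`, so an empty string also counts as a configured value. `load_creds` continues outside the hunk.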
@@ -9,15 +9,21 @@ module Aserto
|
|
9
9
|
#
|
10
10
|
# @param Array[Hash] data to be imported
|
11
11
|
#
|
12
|
+
# op_code = {
|
13
|
+
# OPCODE_UNKNOWN = ;
|
14
|
+
# OPCODE_SET = 1;
|
15
|
+
# OPCODE_DELETE = 2;
|
16
|
+
# }
|
12
17
|
# @example
|
13
18
|
# directory.import(
|
14
19
|
# [
|
15
|
-
# { object: {
|
16
|
-
# { object: {
|
20
|
+
# { op_code: 1, object: { type: "user", id: "import-user" } },
|
21
|
+
# { op_code: 1, object: { type: "group", id: "import-group" } },
|
17
22
|
# {
|
23
|
+
# op_code: 1,
|
18
24
|
# relation: {
|
19
|
-
# object_id: "import-user",
|
20
25
|
# object_type: "user",
|
26
|
+
# object_id: "import-user",
|
21
27
|
# relation: "member",
|
22
28
|
# subject_id: "import-group",
|
23
29
|
# subject_type: "group"
|
@@ -7,8 +7,8 @@ module Aserto
|
|
7
7
|
#
|
8
8
|
# find an object by id and type
|
9
9
|
#
|
10
|
-
# @param object_id [String]
|
11
10
|
# @param object_type [String]
|
11
|
+
# @param object_id [String]
|
12
12
|
#
|
13
13
|
# @return [Aserto::Directory::Reader::V3::GetObjectResponse]
|
14
14
|
#
|
@@ -17,11 +17,11 @@ module Aserto
|
|
17
17
|
# object_type: "user",
|
18
18
|
# object_id: "rick@the-citadel.com"
|
19
19
|
# )
|
20
|
-
def get_object(
|
20
|
+
def get_object(object_type:, object_id:)
|
21
21
|
reader.get_object(
|
22
22
|
Aserto::Directory::Reader::V3::GetObjectRequest.new(
|
23
|
-
|
24
|
-
|
23
|
+
object_type: object_type,
|
24
|
+
object_id: object_id
|
25
25
|
)
|
26
26
|
)
|
27
27
|
end
|
@@ -227,13 +227,13 @@ module Aserto
|
|
227
227
|
#
|
228
228
|
# Returns object graph from anchor to subject or object.
|
229
229
|
#
|
230
|
-
# @param [String] anchor_type
|
231
|
-
# @param [String] anchor_id
|
232
|
-
# @param [String] object_type
|
233
|
-
# @param [String] object_id
|
234
|
-
# @param [String] relation
|
235
|
-
# @param [String] subject_type
|
236
|
-
# @param [String]
|
230
|
+
# @param [String] anchor_type
|
231
|
+
# @param [String] anchor_id
|
232
|
+
# @param [String] object_type
|
233
|
+
# @param [String] object_id
|
234
|
+
# @param [String] relation
|
235
|
+
# @param [String] subject_type
|
236
|
+
# @param [String]
|
237
237
|
#
|
238
238
|
# @return [Aserto::Directory::Reader::V3::GetGraphResponse]
|
239
239
|
#
|
@@ -9,8 +9,8 @@ module Aserto
|
|
9
9
|
#
|
10
10
|
# Create a new object
|
11
11
|
#
|
12
|
-
# @param [String] object_id
|
13
12
|
# @param [String] object_type
|
13
|
+
# @param [String] object_id
|
14
14
|
# @param [String] display_name
|
15
15
|
# @param [Hash] properties
|
16
16
|
# @param [String] etag
|
@@ -18,13 +18,13 @@ module Aserto
|
|
18
18
|
# @return [Aserto::Directory::Writer::V3::SetObjectResponse]
|
19
19
|
#
|
20
20
|
# @example
|
21
|
-
# client.set_object(
|
22
|
-
def set_object(
|
21
|
+
# client.set_object(object_type: "user", object_id: "1234", properties: { email: "test" })
|
22
|
+
def set_object(object_type:, object_id:, display_name: "", properties: {}, etag: nil)
|
23
23
|
writer.set_object(
|
24
24
|
Aserto::Directory::Writer::V3::SetObjectRequest.new(
|
25
25
|
object: {
|
26
|
-
id: object_id,
|
27
26
|
type: object_type,
|
27
|
+
id: object_id,
|
28
28
|
display_name: display_name,
|
29
29
|
properties: Google::Protobuf::Struct.from_hash(properties.transform_keys!(&:to_s)),
|
30
30
|
etag: etag
|
@@ -36,19 +36,19 @@ module Aserto
|
|
36
36
|
#
|
37
37
|
# Delete an object
|
38
38
|
#
|
39
|
-
# @param [String] object_id
|
40
39
|
# @param [String] object_type
|
40
|
+
# @param [String] object_id
|
41
41
|
# @param [Boolean] with_relations
|
42
42
|
#
|
43
43
|
# @return [ Aserto::Directory::Writer::V3::DeleteObjectResponse]
|
44
44
|
#
|
45
45
|
# @example
|
46
|
-
# client.delete_object(
|
47
|
-
def delete_object(
|
46
|
+
# client.delete_object(object_type: "user", object_id: "1234")
|
47
|
+
def delete_object(object_type:, object_id:, with_relations: false)
|
48
48
|
writer.delete_object(
|
49
49
|
Aserto::Directory::Writer::V3::DeleteObjectRequest.new(
|
50
|
-
object_id: object_id,
|
51
50
|
object_type: object_type,
|
51
|
+
object_id: object_id,
|
52
52
|
with_relations: with_relations
|
53
53
|
)
|
54
54
|
)
|
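Review bot: `set_object` builds its request with `properties.transform_keys!(&:to_s)`, and the bang form rewrites the caller's hash in place, so after the call the caller's symbol keys have become strings and a frozen hash raises `FrozenError`. `properties: Google::Protobuf::Struct.from_hash(properties.transform_keys(&:to_s)),` produces the same request without touching the argument. The line is unchanged context in the second hunk of this file, and the end of `set_object` lies outside that hunk.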
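--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto
 version: !ruby/object:Gem::Version
-version: 0.30.
+version: 0.30.4
 platform: ruby
 authors:
 - Aserto
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aserto-authorizer
@@ -81,8 +81,10 @@ files:
 - lib/aserto/authorization.rb
 - lib/aserto/config.rb
 - lib/aserto/directory/client.rb
+- lib/aserto/directory/errors.rb
 - lib/aserto/directory/interceptors/headers.rb
-- lib/aserto/directory/
+- lib/aserto/directory/v2/client.rb
+- lib/aserto/directory/v2/requests.rb
 - lib/aserto/directory/v3/client.rb
 - lib/aserto/directory/v3/config.rb
 - lib/aserto/directory/v3/exporter.rb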
File without changes
|