aserto 0.20.5 → 0.20.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7247661363785d8bcce7034a816c1d6c0d59ea054190066b599e590b140cf994
-  data.tar.gz: f7cc418cdcf5ee823527a13ad959f4c38a53c470396a13c195eb59a298994dbe
+  metadata.gz: dc8ec9b57f67226df562850ca0188c27b310de08b2ac716d30143c2c603b84fd
+  data.tar.gz: 845f1cdf67e54411d004b2a91b0a37ba02d709c949512110a8158552c67f48a3
 SHA512:
-  metadata.gz: d6f02241c7687ad870792af0fccde1ea326c2461a3b8535da94f2b309a4d65e2d478cf36fd7754b7b963388ae87e8bd1f38440fb33577a7ec03708fca8181424
-  data.tar.gz: 80284a19aad72b4064a5626bbbc23aecf5c2ae0ac91066478a09f1643a97543ab5cf6c2d98523c319decd8ad097385aeb54de5705d9061813566f36e2cbd4e75
+  metadata.gz: dda8391014951485e822508b064667ff3bfd649b412df436fe019fb3c351fc891bed770093bf9a4c8db6e1bf791a14ed3dd6e23f9bcb6def14e5c26b69f49745
+  data.tar.gz: 675b6dbcc2c38a8d094a3baa59de6c786a5ddd07ad0f8ab91975b70645f279df28bcfd856c5ec33a68664afe365d4852fcfc7599c91fbdd881b0ff50be3346c5

data/VERSION

@@ -1 +1 @@
-0.20.5
+0.20.6

data/lib/aserto/auth_client.rb

@@ -22,26 +22,52 @@ module Aserto
     def initialize(request)
       @request = request
       @config = Aserto.config
-      @client = Aserto::Authorizer::V2::Authorizer::Stub.new(
+      @client = @config.client || Aserto::Authorizer::V2::Authorizer::Stub.new(
         config.service_url,
         load_creds
       )
     end
 
     def is
-      exec_is(config.decision)
+      exec_is(request_is(config.decision))
+    end
+
+    def check(object_id:, object_type:, relation:)
+      resource_context_fields = {
+        object_id: object_id,
+        object_type: object_type,
+        relation: relation
+      }.merge!(resource_context.to_h)
+
+      check_resource_context = Google::Protobuf::Struct
+                               .from_hash(resource_context_fields.transform_keys!(&:to_s))
+
+      request = Aserto::Authorizer::V2::IsRequest.new(
+        {
+          policy_context: Aserto::Authorizer::V2::Api::PolicyContext.new(
+            {
+              path: config.policy_root ? "#{config.policy_root}.check" : "rebac.check",
+              decisions: [config.decision]
+            }
+          ),
+          policy_instance: policy_instance,
+          identity_context: identity_context,
+          resource_context: check_resource_context
+        }
+      )
+      exec_is(request)
     end
 
     def allowed?
-      exec_is("allowed")
+      exec_is(request_is("allowed"))
     end
 
     def visible?
-      exec_is("visible")
+      exec_is(request_is("visible"))
     end
 
     def enabled?
-      exec_is("enabled")
+      exec_is(request_is("enabled"))
     end
 
     private
@@ -55,15 +81,15 @@ module Aserto
       end
     end
 
-    def exec_is(decision)
+    def exec_is(request)
       begin
-        response = client.is(request_is(decision), headers)
+        response = client.is(request, headers)
       rescue GRPC::BadStatus => e
         Aserto.logger.error(e.inspect)
         return false
       end
 
-      decision = response.decisions.find { |el| el.decision == decision }
+      decision = response.decisions.find { |el| el.decision == request.policy_context.decisions[0] }
       return false unless decision
 
       decision.is

data/lib/aserto/config.rb

@@ -26,6 +26,7 @@ module Aserto
     DEFAULT_ATTRS = {
       authorizer_api_key: "",
       tenant_id: "",
+      client: nil,
       service_url: "localhost:8282",
       decision: "allowed",
       disabled_for: [{}],

data/lib/aserto.rb

@@ -52,17 +52,17 @@ module Aserto
     def with_resource_mapper
       Aserto::ResourceMapper.class_eval do |klass|
         klass.define_singleton_method(:execute) do |request|
-          if block_given?
-            result = yield(request)
-            unless result.is_a?(Hash)
-              raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
-            end
+          return unless block_given?
 
-            require "google/protobuf/well_known_types"
-
-            result.transform_keys!(&:to_s)
-            Google::Protobuf::Struct.from_hash(result)
+          result = yield(request)
+          unless result.is_a?(Hash)
+            raise Aserto::InvalidResourceMapping, "block must return a hash, got: #{result.class}"
           end
+
+          require "google/protobuf/well_known_types"
+
+          result.transform_keys!(&:to_s)
+          Google::Protobuf::Struct.from_hash(result)
         end
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto
 version: !ruby/object:Gem::Version
-  version: 0.20.5
+  version: 0.20.6
 platform: ruby
 authors:
 - Aserto
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-06-23 00:00:00.000000000 Z
+date: 2023-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aserto-authorizer
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.20.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.20.1
 - !ruby/object:Gem::Dependency
   name: aserto-directory
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.30.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.30.0
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement