RubyGems - cased-rails - Versions diffs - 0.4.3 → 0.5.0 - Mend

cased-rails 0.4.3 → 0.5.0

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 49f90bda9670e4c31103308b7140637c601f769112a8f94873f48b2f8e957a75
-  data.tar.gz: 50788a3192675057b100135a72c8b33b6e263961c181683de574585663a7e494
+  metadata.gz: 6ac8f2d72b0bd9acb03474b7903c2d7d061c6a95d99beb5ea46d8b18dfa2fe37
+  data.tar.gz: 17c1ea4d0eaa1c44a365d51b1a88b04a3c5a3c479f6318ab33bdd03c5163ea02
 SHA512:
-  metadata.gz: 0f960a6c6bbaad726b8efae2dc34bec84c2f8cf45389bcc1785c50f5efc2b463f4b703c1560c1ab1bdd3baf3626cca80f00671050cb134d3d959c3f82ae708ce
-  data.tar.gz: 0dba75ffb963563d4122aa473dbfb0aca765b0fbc5d970eb3876e77a1a05720f7e5bb22a2d0484bd1ae6bf2e96d6d719af43e5d6fefcc54ec7c8e74c157e1256
+  metadata.gz: 00c9c0d383329eb6e53432458a578db0c795107822bafcdcb8249bcc5432541ac3b5c7609b288110c8e6b9d531c6ac211399a4b43aeb1988115a28ad03b1bab6
+  data.tar.gz: b9d292a6ea549455cd9f595fe4d764910abfaa9e0f5331595359fb2a3520deec48479c5bf6591606df1e74e40958825b34d3c2b98af8cd7c2a4ec37a3544258b

data/README.md CHANGED Viewed

@@ -7,15 +7,19 @@ A Cased client for Ruby on Rails applications in your organization to control an
 - [Installation](#installation)
 - [Configuration](#configuration)
 - [Usage](#usage)
-  - [Publishing events to Cased](#publishing-events-to-cased)
-  - [Publishing audit events for all record creation, updates, and deletions automatically](#publishing-audit-events-for-all-record-creation-updates-and-deletions-automatically)
-  - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
-  - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
-  - [Exporting events](#exporting-events)
-  - [Masking & filtering sensitive information](#masking-and-filtering-sensitive-information)
-  - [Disable publishing events](#disable-publishing-events)
-  - [Context](#context)
-  - [Testing](#testing)
+  - [Cased CLI](#cased-cli)
+    - [Recording console sessions](#recording-console-sessions)
+    - [Approval workflows for sensitive operations](#approval-workflows-for-sensitive-operations)
+  - [Audit trails](#audit-trails)
+    - [Publishing events to Cased](#publishing-events-to-cased)
+    - [Publishing audit events for all record creation, updates, and deletions automatically](#publishing-audit-events-for-all-record-creation-updates-and-deletions-automatically)
+    - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
+    - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
+    - [Exporting events](#exporting-events)
+    - [Masking & filtering sensitive information](#masking-and-filtering-sensitive-information)
+    - [Disable publishing events](#disable-publishing-events)
+    - [Context](#context)
+    - [Testing](#testing)
 - [Customizing cased-rails](#customizing-cased-rails)
 - [Contributing](#contributing)
@@ -41,6 +45,26 @@ All configuration options available in cased-rails are available to be configure
 ```ruby
 Cased.configure do |config|
+  # GUARD_APPLICATION_KEY=guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH
+  config.guard_application_key = 'guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH'
+  # GUARD_USER_TOKEN=user_1oFqlROLNRGVLOXJSsHkJiVmylr
+  config.guard_user_token = 'user_1oFqlROLNRGVLOXJSsHkJiVmylr'
+  # DENY_IF_UNREACHABLE=1
+  config.guard_deny_if_unreachable = true
+  # Attach metadata to all CLI requests. This metadata will appear in Cased and
+  # any notification source such as email or Slack.
+  #
+  # You are limited to 20 properties and cannot be a nested dictionary. Metadata
+  # specified in the CLI request overrides any configured globally.
+  config.cli.metadata = {
+    rails_env: ENV['RAILS_ENV'],
+    heroku_application: ENV['HEROKU_APP_NAME'],
+    git_commit: ENV['GIT_COMMIT'],
+  }
   # CASED_POLICY_KEY=policy_live_1dQpY5JliYgHSkEntAbMVzuOROh
   config.policy_key = 'policy_live_1dQpY5JliYgHSkEntAbMVzuOROh'
@@ -76,7 +100,119 @@ end
 ## Usage
-### Publishing events to Cased
+### Cased CLI
+#### Playback console sessions
+Having visibility into production terminal sessions is essential to providing
+access to sensitive data and critical systems. `cased-rails` can provide complete
+command line session recordings with minimal configuration.
+First, enable the "Record output" option in your application's settings page on Cased.
+Next grab the application's key from the same settings page and configure
+`cased-rails` with it either by using an environment variable or manually.
+**Environment variable**
+```
+GUARD_APPLICATION_KEY=guard_application_1rBCh8o3YMaI1eAKxbrNvnLki3x rails console
+```
+**Manually**
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1rBCh8o3YMaI1eAKxbrNvnLki3x'
+end
+```
+By default playback will be saved only when a Rails console is started outside
+of development and test. When the playback is being saved, by default all
+parameters other than `id`, `action`, and `controller` will be filtered out.
+For example:
+```
+#<User id: "user_1qwkKB8IGxQFlu3C4lI53tCIyZI", organization: "Enterprise">
+```
+Would become:
+```
+#<User id: "user_1qwkKB8IGxQFlu3C4lI53tCIyZI", organization: [FILTERED]>
+```
+If you'd like to configure if filtering is enabled or specify which attributes
+are not filtered you can do so with:
+```ruby
+Cased.configure do |config|
+  config.unfiltered_parameters = ['id', 'action', 'controller']
+  config.filter_parameters = Rails.env.production?
+end
+```
+#### Approval workflows for sensitive operations
+Adding approval workflows to your controllers is a two step process in your
+Rails applications.
+First, mount the Rails engine in your routes. The included Rails engine in
+cased-rails is necessary for the approval workflow to know whether or not it has
+been requested, approved, denied, canceled or timed out.
+```ruby
+Rails.application.routes.draw do
+  mount Cased::Rails::Engine => '/cased'
+  root to: 'home#show'
+end
+```
+To control the requirements for an approval workflow, that must be configured
+within your CLI application settings on Cased. Some controls include restricting
+which users or groups can approve the request, if a reason is required, how long
+until the request times out, and more.
+To start an your approval workflow all that is needed is to call the `guard`
+method before a request using `before_action`.
+```ruby
+class AccountsController < ApplicationController
+  before_action :guard, only: %i[update destroy]
+  def update
+    if current_account.update(account_params)
+      redirect_to current_account
+    else
+      render :edit
+    end
+  end
+  def destroy
+    if current_account.destroy
+      redirect_to accounts_path
+    else
+      redirect_to current_account
+    end
+  end
+  private
+  def account_params
+    params.require(:account).permit(:name, :description, :email)
+  end
+end
+```
+Approval workflows are best started just before data is about to be created,
+updated, or destroyed. Approval workflows are not intended to control permission
+to view resources. The actions we recommend guarding are `create`, `update`, and
+`destroy` based on your needs.
+### Audit trails
+#### Publishing events to Cased
 Once Cased is setup there are two ways to publish your first audit trail event.
 The first is using the `cased` helper method included in all ActiveRecord models.
@@ -151,7 +287,7 @@ end
 By publishing the `team.create` audit event within the controller directly as shown you risk not having a complete and comprehensive audit trail for each team created in your application as it may happen in your API, model callbacks, and more.
-### Publishing audit events for all record creation, updates, and deletions automatically
+#### Publishing audit events for all record creation, updates, and deletions automatically
 Cased provides a mixin you can include in your models or in `ApplicationRecord` to automatically publish when new models are created, updated, or destroyed.
@@ -173,7 +309,7 @@ end
 This mixin is intended to get you up and running quickly. You'll likely need to configure your own callbacks to control what exactly gets published to Cased.
-### Retrieving events from a Cased audit trail
+#### Retrieving events from a Cased audit trail
 If you plan on retrieving events from your audit trails to power a user facing audit trail or API you must use a Cased API key.
@@ -200,7 +336,7 @@ class AuditTrailController < ApplicationController
 end
 ```
-### Retrieving events from multiple Cased audit trails
+#### Retrieving events from multiple Cased audit trails
 To retrieve events from one or more Cased audit trails you can configure multiple Cased API keys and retrieve events for each one by fetching their respective clients.
@@ -227,7 +363,7 @@ results.each do |event|
 end
 ```
-### Exporting events
+#### Exporting events
 Exporting events from Cased allows you to provide users with exports of their own data or to respond to data requests.
@@ -243,7 +379,7 @@ export = Cased.policy.exports.create(
 export.download_url # => https://api.cased.com/exports/export_1dSHQSNtAH90KA8zGTooMnmMdiD/download?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidXNlcl8xZFFwWThiQmdFd2RwbWRwVnJydER6TVg0ZkgiLCJ
 ```
-### Masking & filtering sensitive information
+#### Masking & filtering sensitive information
 If you are handling sensitive information on behalf of your users you should consider masking or filtering any sensitive information.
@@ -258,7 +394,7 @@ Cased.publish(
 )
 ```
-### Console Usage
+#### Console Usage
 Most Cased events will be created by users from actions on the website from
 custom defined events or lifecycle callbacks. The exception is any console
@@ -275,7 +411,7 @@ Rails.application.console do
 end
 ```
-### Disable publishing events
+#### Disable publishing events
 Although rare, there may be times where you wish to disable publishing events to Cased. To do so wrap your transaction inside of a `Cased.disable` block:
@@ -291,7 +427,7 @@ Or you can configure the entire process to disable publishing events.
 CASED_DISABLE_PUBLISHING=1 bundle exec ruby crawl.rb
 ```
-### Context
+#### Context
 When you include `cased-rails` in your application your Ruby on Rails application is configures a [Rack middleware](https://github.com/cased/cased-ruby/blob/master/lib/cased/rack_middleware.rb) that populates `Cased.context` with the following information for each request:
@@ -364,7 +500,7 @@ To clear/reset the context:
 Cased.context.clear
 ```
-### Testing
+#### Testing
 `cased-rails` provides a Cased::TestHelper test helper class that you can use to test events are being published to Cased.

data/lib/cased/rails/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Cased
   module Rails
-    VERSION = '0.4.3'
+    VERSION = '0.5.0'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cased-rails
 version: !ruby/object:Gem::Version
-  version: 0.4.3
+  version: 0.5.0
 platform: ruby
 authors:
 - Garrett Bjerkhoel
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-03-15 00:00:00.000000000 Z
+date: 2021-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cased-ruby
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.3
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.3
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
   name: jbuilder
   requirement: !ruby/object:Gem::Requirement