cased-ruby 0.3.3 → 0.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45c422e1920ea510d16c5c8a5b91016ac2a4eedb9a2b880ff29018dc18580a13
-  data.tar.gz: 83e14abb44637e8d61a3fff592d8b434cbf8373cd8a4c8afede513cf89852f8a
+  metadata.gz: 136251a6fad727d85e14bf64bfdb5ecf33fdba19735646c3599398c7a0e44abb
+  data.tar.gz: 94f191ec590bc6bd68ef98b137abbaa052c8438573bb84d9cb9b63ffec4ae8e4
 SHA512:
-  metadata.gz: 5beffb4be2a539b74e6145c4d4b7b96ae6aea94c2bb5cdf9a79dfb90bfaeac615c80b537db0249702d807acb7f69727ff7b81cfc62896d03ad6e2c44124c1360
-  data.tar.gz: 8ae4ac844f566981de31a5d51ecfe28d4e665f9cebd5c6f5327a596b052e43e92ab0d7db9bb07029211f0786db5baf00035db8022a376b5ea3ba30ac512dbbda
+  metadata.gz: 613409847cfcda2948b2b3559a754ac6822fca908cec0d1a089475be19801290bf8aee866e592d00bef882b1e3b7027ead484346bd39a404c171b8205a5631fa
+  data.tar.gz: 3a3d8435ecce240a7cff4a83061c57412d08dd1d16e91c9995caf1f755a4706f40744e7ce11c015a4557d66ea1948b6c54caf05f893205a2f8296aedb9780e7b

data/Gemfile.lock

@@ -1,43 +1,48 @@
 PATH
   remote: .
   specs:
-    cased-ruby (0.3.3)
+    cased-ruby (0.4.4)
       activesupport (~> 6)
       dotpath (= 0.1.0)
       faraday (~> 1.0)
       faraday_middleware (~> 1.0)
       json (~> 2)
+      jwt (~> 2)
       net-http-persistent (~> 3.0)
+      subprocess (~> 1.5.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (6.0.3.4)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2, >= 2.2.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.0)
     byebug (11.0.1)
-    concurrent-ruby (1.1.7)
+    concurrent-ruby (1.1.8)
     connection_pool (2.2.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
     docile (1.3.2)
     dotpath (0.1.0)
-    faraday (1.1.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
       ruby2_keywords
+    faraday-net_http (1.0.1)
     faraday_middleware (1.0.0)
       faraday (~> 1.0)
     hashdiff (1.0.1)
-    i18n (1.8.5)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
-    json (2.3.1)
+    json (2.5.1)
+    jwt (2.2.2)
     minitest (5.13.0)
     mocha (1.11.2)
     multipart-post (2.1.1)
@@ -63,7 +68,7 @@ GEM
     rubocop-performance (1.5.2)
       rubocop (>= 0.71.0)
     ruby-progressbar (1.10.1)
-    ruby2_keywords (0.0.2)
+    ruby2_keywords (0.0.4)
     safe_yaml (1.0.5)
     sidekiq (6.0.7)
       connection_pool (>= 2.2.2)
@@ -74,16 +79,16 @@ GEM
       docile (~> 1.1)
       simplecov-html (~> 0.11)
     simplecov-html (0.12.2)
-    thread_safe (0.3.6)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
+    subprocess (1.5.4)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
     unicode-display_width (1.6.1)
     webmock (3.8.3)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
     yard (0.9.24)
-    zeitwerk (2.4.0)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby

data/README.md

@@ -7,16 +7,19 @@ A Cased client for Ruby applications in your organization to control and monitor
 - [Installation](#installation)
 - [Configuration](#configuration)
 - [Usage](#usage)
-  - [Publishing events to Cased](#publishing-events-to-cased)
-  - [Retrieving events from a Cased Policy](#retrieving-events-from-a-cased-policy)
-  - [Retrieving events from a Cased Policy containing variables](#retrieving-events-from-a-cased-policy-containing-variables)
-  - [Retrieving events from multiple Cased Policies](#retrieving-events-from-multiple-cased-policies)
-  - [Exporting events](#exporting-events)
-  - [Masking & filtering sensitive information](#masking-and-filtering-sensitive-information)
-  - [Disable publishing events](#disable-publishing-events)
-  - [Context](#context)
-  - [Testing](#testing)
+  - [Cased CLI](#cased-cli)
+    - [Starting an approval workflow](#starting-an-approval-workflow)
+  - [Audit trails](#audit-trails)
+    - [Publishing events to Cased](#publishing-events-to-cased)
+    - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
+    - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
+    - [Exporting events](#exporting-events)
+    - [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
+    - [Disable publishing events](#disable-publishing-events)
+    - [Context](#context)
+    - [Testing](#testing)
 - [Customizing cased-ruby](#customizing-cased-ruby)
+- [Contributing](#contributing)
 
 ## Installation
 
@@ -56,9 +59,21 @@ Cased.configure do |config|
   # CASED_PUBLISH_URL=https://publish.cased.com
   config.publish_url = 'https://publish.cased.com'
 
+  # CASED_URL=https://app.cased.com
+  config.url = 'https://app.cased.com'
+
   # CASED_API_URL=https://api.cased.com
   config.api_url = 'https://api.cased.com'
 
+  # GUARD_APPLICATION_KEY=guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH
+  config.guard_application_key = 'guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH'
+
+  # GUARD_USER_TOKEN=user_1oFqlROLNRGVLOXJSsHkJiVmylr
+  config.guard_user_token = 'user_1oFqlROLNRGVLOXJSsHkJiVmylr'
+
+  # DENY_IF_UNREACHABLE=1
+  config.guard_deny_if_unreachable = true
+
   # CASED_RAISE_ON_ERRORS=1
   config.raise_on_errors = false
 
@@ -75,7 +90,100 @@ end
 
 ## Usage
 
-### Publishing events to Cased
+### Cased CLI
+
+Keep any command line tool available as your team grows — monitor usage, require peer approvals for sensitive operations, and receive intelligent alerts to suspicious activity.
+
+#### Starting an approval workflow
+
+To start an approval workflow you must first obtain your application key and the
+user token for who is requesting access.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new(token: 'user_1pG43D1AzTjLR8XWJHj8B3aNZ4Y')
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+If you do not have the user token you can always request it interactively.
+[Cased::CLI::Identity#identify](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/identity.rb#L10-L21)
+is a blocking operation prompting the user to visit Cased to identify
+themselves, returning their user token upon identifying themselves which can be
+used to start your session.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new
+identity = Cased::CLI::Identity.new
+token, ip_address = identity.identify
+authentication.token = token
+
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+#### Starting an interactive approval workflow
+
+If you do not want to manually create sessions and handle each state manually,
+you can use the interactive approval workflow using
+[Cased::CLI::InteractiveSession](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/interactive_session.rb).
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+session = Cased::CLI::InteractiveSession.start
+
+if session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+You no longer need to handle obtaining the user token or asking for a reason up
+front, `Cased::CLI::InteractiveSession` will prompt the user for any reason
+being required as necessary.
+
+### Audit trails
+
+#### Publishing events to Cased
 
 There are two ways to publish your first Cased event.
 
@@ -100,7 +208,7 @@ Cased.publish(
 
 **Cased::Model**
 
-cased-ruby provides a class mixin that gives you a framework to publish events.
+`cased-ruby` provides a class mixin that gives you a framework to publish events.
 
 ```ruby
 require 'cased-ruby'
@@ -170,9 +278,9 @@ Both examples above are equivelent in that they publish the following `credit_ca
 }
 ```
 
-### Retrieving events from a Cased Policy
+#### Retrieving events from a Cased audit trail
 
-If you plan on retrieving events from your audit trails you must use an Cased Policy token.
+If you plan on retrieving audit events from your Cased audit trail you must use a Cased API key.
 
 ```ruby
 require 'cased-ruby'
@@ -193,31 +301,9 @@ query.success? # => true
 query.error? # => false
 ```
 
-### Retrieving events from a Cased Policy containing variables
-
-Cased policies allow you to filter events by providing variables to your Cased Policy events query. One example of a Cased Policy is to have a single Cased Policy that you can use to query events for any user in your database without having to create a Cased Policy for each user.
-
-```ruby
-require 'cased-ruby'
-
-Cased.configure do |config|
-  config.policy_key = 'policy_live_1dQpY5JliYgHSkEntAbMVzuOROh'
-end
-
-variables = {
-  user_id: 'user_1dSHQSNtAH90KA8zGTooMnmMdiD',
-}
-query = Cased.policy(variables: variables).events.limit(25).page(1)
-results = query.results
-results.each do |event|
-  puts event['action'] # => credit_card.charge
-  puts event['timestamp'] # => 2020-06-23T02:02:39.932759Z
-end
-```
-
-### Retrieving events from multiple Cased Policies
+#### Retrieving events from multiple Cased audit trails
 
-To retrieve events from one or more Cased Policies you can configure multiple Cased Policy API keys and retrieve events for each one.
+To retrieve audit events from one or more Cased audit trails you can configure multiple Cased Policy API keys and retrieve events for each one.
 
 ```ruby
 require 'cased-ruby'
@@ -229,14 +315,14 @@ Cased.configure do |config|
   }
 end
 
-query = Cased.policy[:users].events.limit(25).page(1)
+query = Cased.policies[:users].events.limit(25).page(1)
 results = query.results
 results.each do |event|
   puts event['action'] # => user.login
   puts event['timestamp'] # => 2020-06-23T02:02:39.932759Z
 end
 
-query = Cased.policy[:organizations].events.limit(25).page(1)
+query = Cased.policies[:organizations].events.limit(25).page(1)
 results = query.results
 results.each do |event|
   puts event['action'] # => organization.create
@@ -244,9 +330,9 @@ results.each do |event|
 end
 ```
 
-### Exporting events
+#### Exporting events
 
-Exporting events from a Cased Policy allows you to provide users with exports of their own data or to respond to data requests.
+Exporting events from Cased allows you to provide users with exports of their own data or to respond to data requests.
 
 ```ruby
 require 'cased-ruby'
@@ -262,7 +348,7 @@ export = Cased.policy.exports.create(
 export.download_url # => https://api.cased.com/exports/export_1dSHQSNtAH90KA8zGTooMnmMdiD/download?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidXNlcl8xZFFwWThiQmdFd2RwbWRwVnJydER6TVg0ZkgiLCJ
 ```
 
-### Masking & filtering sensitive information
+#### Masking & filtering sensitive information
 
 If you are handling sensitive information on behalf of your users you should consider masking or filtering any sensitive information.
 
@@ -279,23 +365,18 @@ Cased.publish(
 )
 ```
 
-### Console Usage
+#### Console Usage
 
-Most Cased events will be created by users from actions on the website from
-custom defined events or lifecycle callbacks. The exception is any console
-session where models may generate Cased events as you start to modify records.
+Most Cased events will be created by users from actions on the website from custom defined events or lifecycle callbacks. The exception is any console session where models may generate Cased events as you start to modify records.
 
-By default any console session will include the hostname of where the console
-session takes place. Since every event must have an actor, you must set the
-actor at the beginning of your console session. If you don't know the user,
-it's recommended you create a system/robot user.
+By default any console session will include the hostname of where the console session takes place. Since every event must have an actor, you must set the actor at the beginning of your console session. If you don't know the user, it's recommended you create a system/robot user.
 
 ```ruby
 # OTHER CONSOLE INITIALIZATION HERE
 Cased.context.push(actor: @actor)
 ```
 
-### Disable publishing events
+#### Disable publishing events
 
 Although rare, there may be times where you wish to disable publishing events to Cased. To do so wrap your transaction inside of a `Cased.disable` block:
 
@@ -311,7 +392,7 @@ Or you can configure the entire process to disable publishing events.
 CASED_DISABLE_PUBLISHING=1 bundle exec ruby crawl.rb
 ```
 
-### Context
+#### Context
 
 One of the most easiest ways to publish detailed events to Cased is to push contextual information on to the Cased context.
 
@@ -366,7 +447,7 @@ To clear/reset the context:
 Cased.context.clear
 ```
 
-### Testing
+#### Testing
 
 cased-ruby provides a test helper class that you can use to test events are being published to Cased.
 
@@ -417,7 +498,7 @@ class CreditCardTest < Test::Unit::TestCase
 end
 ```
 
-## Customizing cased-ruby
+### Customizing cased-ruby
 
 Out of the box cased-ruby takes care of serializing objects for you to the best of its ability, but you can customize cased-ruby should you like to fit your products needs.
 

data/bin/cli

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'bundler/setup'
+require 'cased-ruby'
+
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1oFqltbMqSEtJQKRCAYQNrQoXsS'
+  config.guard_deny_if_unreachable = true
+end
+
+Cased::CLI::InteractiveSession.start
+
+puts 'Something destructive'

data/cased-ruby.gemspec

@@ -33,7 +33,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'faraday', '~> 1.0'
   spec.add_dependency 'faraday_middleware', '~> 1.0'
   spec.add_dependency 'json', '~> 2'
+  spec.add_dependency 'jwt', '~> 2'
   spec.add_dependency 'net-http-persistent', '~> 3.0'
+  spec.add_dependency 'subprocess', '~> 1.5.0'
   spec.add_development_dependency 'bundler', '2.1.4'
   spec.add_development_dependency 'byebug', '11.0.1'
   spec.add_development_dependency 'minitest', '5.13.0'

data/lib/cased.rb

@@ -15,6 +15,7 @@ require 'cased/sensitive'
 require 'cased/publishers'
 require 'cased/test_helper'
 require 'cased/instrumentation/log_subscriber'
+require 'cased/cli'
 
 # Integrations
 begin

data/lib/cased/cli.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Cased
+  module CLI
+  end
+end
+
+require 'cased/cli/asciinema/writer'
+require 'cased/cli/asciinema/file'
+require 'cased/cli/recorder'
+require 'cased/cli/log'
+require 'cased/cli/session'
+require 'cased/cli/interactive_session'

data/lib/cased/cli/asciinema/file.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Cased
+  module CLI
+    # Spec: https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md
+    module Asciinema
+      class File
+        OUT = 'o'
+        IN = 'i'
+
+        def self.from_writer(writer)
+          new(writer.header, writer.stream)
+        end
+
+        def self.from_cast(cast)
+          stream = cast.split("\n").collect do |data|
+            JSON.parse(data)
+          end
+          header = stream.shift
+
+          new(header, stream)
+        end
+
+        # Required
+        attr_reader :header
+        attr_reader :version
+        attr_reader :width
+        attr_reader :height
+        attr_reader :stream
+
+        # Optional
+        attr_reader :timestamp
+        attr_reader :duration
+        attr_reader :idle_time_limit
+        attr_reader :command
+        attr_reader :title
+        attr_reader :env
+        attr_reader :theme
+
+        def initialize(header, stream)
+          @header = header
+          @version = header.fetch('version')
+          @width = header.fetch('width')
+          @height = header.fetch('height')
+          self.timestamp = header['timestamp']
+          self.duration = header['duration']
+          self.idle_time_limit = header['idle_time_limit']
+          @command = header['command']
+          @title = header['title']
+          @env = header.fetch('env', {})
+          @theme = header['theme']
+          @stream = stream
+        end
+
+        def timestamp=(new_timestamp)
+          @timestamp = case new_timestamp
+          when Integer
+            Time.at(new_timestamp)
+          when Time, NilClass
+            new_timestamp
+          else
+            raise ArgumentError, "unexpected timestamp format #{new_timestamp.class}, expected Integer, Time, or nil"
+          end
+        end
+
+        def duration=(new_duration)
+          @duration = case new_duration
+          when Float, NilClass
+            new_duration
+          else
+            raise ArgumentError, "unexpected duration format #{new_duration.class}, expected Float or nil"
+          end
+        end
+
+        def idle_time_limit=(new_idle_time_limit)
+          @idle_time_limit = case new_idle_time_limit
+          when Numeric, NilClass
+            new_idle_time_limit
+          else
+            raise ArgumentError, "unexpected idle_time_limit format #{new_idle_time_limit.class}, expected Integer, Float, or nil"
+          end
+        end
+
+        def to_cast
+          builder = []
+          builder << JSON.dump(header)
+          stream.each do |duration, type, data|
+            builder << JSON.dump([duration, type, data])
+          end
+          builder.join("\n")
+        end
+
+        def to_s
+          str = []
+          stream.each do |_timestamp, type, data|
+            next unless type == OUT
+
+            str << data
+          end
+
+          str.join
+        end
+      end
+    end
+  end
+end