cased-ruby 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e22f14bbfac74d8d6ed2565ab7d4dd2607b03178a8534e15681ebad08aadd047
-  data.tar.gz: aeec32fc2d39829a6e4c24b4b8024b416dad08d84528d13eaa2d310c4a3c2c59
+  metadata.gz: f91759262adc1b192cc5305bb9f84448b888bcb258c7c297f9494b0bba71b55c
+  data.tar.gz: ce78dd8209246e35dd4ed0fb76f15870b074352b29cf73f01eba426352176572
 SHA512:
-  metadata.gz: ba38566776a824c05f9750a72ca0e0b878279a07e5134fac83d54e9f10d462a8a940bf01f5d0968c1654adfb9a196f3d7ad6398614c987e41168bdf81d40cd93
-  data.tar.gz: f5bde94bab92b5cfc4dce4a146ca5a1d02d7946f14e5003386b3b82c920c656b92665b801b5ae5ef116316b0d33e7c3d727a730bda46426e30d08380b7bac798
+  metadata.gz: f13376f04cc1d8dc3c8d93ffcc0403e073d9819ec71f1344f9cb0801b596ab21e31646c89ba02c3a5577dc1afd65ee6a2f24e779eb1e45c9d59ef49b9754fcf3
+  data.tar.gz: 8a13f691413981290dfda15d90d6576fdf04723dbc4ede2872d7e9cd476488182bda4a8fdf05eec6f2680490c342fddb1d9aaf0a1f0c32be7739e284c231a01e

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    cased-ruby (0.4.0)
+    cased-ruby (0.4.1)
       activesupport (~> 6)
       dotpath (= 0.1.0)
       faraday (~> 1.0)

data/README.md

@@ -7,14 +7,17 @@ A Cased client for Ruby applications in your organization to control and monitor
 - [Installation](#installation)
 - [Configuration](#configuration)
 - [Usage](#usage)
-  - [Publishing events to Cased](#publishing-events-to-cased)
-  - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
-  - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
-  - [Exporting events](#exporting-events)
-  - [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
-  - [Disable publishing events](#disable-publishing-events)
-  - [Context](#context)
-  - [Testing](#testing)
+  - [Cased CLI](#cased-cli)
+    - [Starting an approval workflow](#starting-an-approval-workflow)
+  - [Audit trails](#audit-trails)
+    - [Publishing events to Cased](#publishing-events-to-cased)
+    - [Retrieving events from a Cased audit trail](#retrieving-events-from-a-cased-audit-trail)
+    - [Retrieving events from multiple Cased audit trails](#retrieving-events-from-multiple-cased-audit-trails)
+    - [Exporting events](#exporting-events)
+    - [Masking & filtering sensitive information](#masking--filtering-sensitive-information)
+    - [Disable publishing events](#disable-publishing-events)
+    - [Context](#context)
+    - [Testing](#testing)
 - [Customizing cased-ruby](#customizing-cased-ruby)
 - [Contributing](#contributing)
 
@@ -56,9 +59,21 @@ Cased.configure do |config|
   # CASED_PUBLISH_URL=https://publish.cased.com
   config.publish_url = 'https://publish.cased.com'
 
+  # CASED_URL=https://app.cased.com
+  config.url = 'https://app.cased.com'
+
   # CASED_API_URL=https://api.cased.com
   config.api_url = 'https://api.cased.com'
 
+  # GUARD_APPLICATION_KEY=guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH
+  config.guard_application_key = 'guard_application_1ntKX0P4vUbKoc0lMWGiSbrBHcH'
+
+  # GUARD_USER_TOKEN=user_1oFqlROLNRGVLOXJSsHkJiVmylr
+  config.guard_user_token = 'user_1oFqlROLNRGVLOXJSsHkJiVmylr'
+
+  # DENY_IF_UNREACHABLE=1
+  config.guard_deny_if_unreachable = true
+
   # CASED_RAISE_ON_ERRORS=1
   config.raise_on_errors = false
 
@@ -75,7 +90,99 @@ end
 
 ## Usage
 
-### Publishing events to Cased
+### Cased CLI
+
+Keep any command line tool available as your team grows — monitor usage, require peer approvals for sensitive operations, and receive intelligent alerts to suspicious activity.
+
+#### Starting an approval workflow
+
+To start an approval workflow you must first obtain your application key and the
+user token for who is requesting access.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new(token: 'user_1pG43D1AzTjLR8XWJHj8B3aNZ4Y')
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+If you do not have the user token you can always request it interactively.
+[Cased::CLI::Identity#identify](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/identity.rb#L10-L21)
+is a blocking operation prompting the user to visit Cased to identify
+themselves, returning their user token upon identifying themselves which can be
+used to start your session.
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+authentication = Cased::CLI::Authentication.new
+identity = Cased::CLI::Identity.new
+authentication.token = identity.identify
+
+session = Cased::CLI::Session.new(
+  authentication: authentication,
+  reason: 'I need export our GitHub issues.',
+  metadata: {
+    organization: 'GitHub',
+  },
+)
+
+if session.create && session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+#### Starting an interactive approval workflow
+
+If you do not want to manually create sessions and handle each state manually,
+you can use the interactive approval workflow using
+[Cased::CLI::InteractiveSession](https://github.com/cased/cased-ruby/blob/3b0c8ebd37ba7deb83236be7dba4d52c74d7e4e5/lib/cased/cli/interactive_session.rb).
+
+```ruby
+Cased.configure do |config|
+  config.guard_application_key = 'guard_application_1pG43HF3aRHjNTTm10zzu0tngBO'
+end
+
+session = Cased::CLI::InteractiveSession.start
+
+if session.approved?
+  github.issues.each do |issue|
+    puts issue.title
+  end
+else
+  puts 'Unauthorized to export GitHub issues.'
+end
+```
+
+You no longer need to handle obtaining the user token or asking for a reason up
+front, `Cased::CLI::InteractiveSession` will prompt the user for any reason
+being required as necessary.
+
+### Audit trails
+
+#### Publishing events to Cased
 
 There are two ways to publish your first Cased event.
 
@@ -170,7 +277,7 @@ Both examples above are equivelent in that they publish the following `credit_ca
 }
 ```
 
-### Retrieving events from a Cased audit trail
+#### Retrieving events from a Cased audit trail
 
 If you plan on retrieving audit events from your Cased audit trail you must use a Cased API key.
 
@@ -193,7 +300,7 @@ query.success? # => true
 query.error? # => false
 ```
 
-### Retrieving events from multiple Cased audit trails
+#### Retrieving events from multiple Cased audit trails
 
 To retrieve audit events from one or more Cased audit trails you can configure multiple Cased Policy API keys and retrieve events for each one.
 
@@ -222,7 +329,7 @@ results.each do |event|
 end
 ```
 
-### Exporting events
+#### Exporting events
 
 Exporting events from Cased allows you to provide users with exports of their own data or to respond to data requests.
 
@@ -240,7 +347,7 @@ export = Cased.policy.exports.create(
 export.download_url # => https://api.cased.com/exports/export_1dSHQSNtAH90KA8zGTooMnmMdiD/download?token=eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidXNlcl8xZFFwWThiQmdFd2RwbWRwVnJydER6TVg0ZkgiLCJ
 ```
 
-### Masking & filtering sensitive information
+#### Masking & filtering sensitive information
 
 If you are handling sensitive information on behalf of your users you should consider masking or filtering any sensitive information.
 
@@ -257,7 +364,7 @@ Cased.publish(
 )
 ```
 
-### Console Usage
+#### Console Usage
 
 Most Cased events will be created by users from actions on the website from custom defined events or lifecycle callbacks. The exception is any console session where models may generate Cased events as you start to modify records.
 
@@ -268,7 +375,7 @@ By default any console session will include the hostname of where the console se
 Cased.context.push(actor: @actor)
 ```
 
-### Disable publishing events
+#### Disable publishing events
 
 Although rare, there may be times where you wish to disable publishing events to Cased. To do so wrap your transaction inside of a `Cased.disable` block:
 
@@ -284,7 +391,7 @@ Or you can configure the entire process to disable publishing events.
 CASED_DISABLE_PUBLISHING=1 bundle exec ruby crawl.rb
 ```
 
-### Context
+#### Context
 
 One of the most easiest ways to publish detailed events to Cased is to push contextual information on to the Cased context.
 
@@ -339,7 +446,7 @@ To clear/reset the context:
 Cased.context.clear
 ```
 
-### Testing
+#### Testing
 
 cased-ruby provides a test helper class that you can use to test events are being published to Cased.
 
@@ -390,7 +497,7 @@ class CreditCardTest < Test::Unit::TestCase
 end
 ```
 
-## Customizing cased-ruby
+### Customizing cased-ruby
 
 Out of the box cased-ruby takes care of serializing objects for you to the best of its ability, but you can customize cased-ruby should you like to fit your products needs.
 

data/lib/cased/cli/asciinema/writer.rb

@@ -11,6 +11,7 @@ module Cased
 
         attr_accessor :width
         attr_accessor :height
+        attr_reader :command
         attr_reader :stream
         attr_reader :started_at
         attr_reader :finished_at
@@ -51,6 +52,7 @@ module Cased
             },
             'width' => width,
             'height' => height,
+            'command' => command.join(' '),
           }.tap do |h|
             if started_at
               h['timestamp'] = started_at.to_i

data/lib/cased/cli/authentication.rb

@@ -9,8 +9,8 @@ module Cased
       attr_reader :credentials_path
       attr_writer :token
 
-      def initialize
-        @token = Cased.config.guard_user_token
+      def initialize(token: nil)
+        @token = token || Cased.config.guard_user_token
         @directory = Pathname.new(File.expand_path('~/.cguard'))
         @credentials_path = @directory.join('credentials')
       end

data/lib/cased/cli/recorder.rb

@@ -6,6 +6,7 @@ module Cased
   module CLI
     class Recorder
       KEY = 'CASED_CLI_RECORDING'
+      TRUE = '1'
 
       attr_reader :command
       attr_reader :events
@@ -17,7 +18,7 @@ module Cased
 
       # @return [Boolean] if CLI session is being recorded.
       def self.recording?
-        ENV[KEY] == '1'
+        ENV[KEY] == TRUE
       end
 
       def initialize(command, env: {})
@@ -27,10 +28,10 @@ module Cased
         @height = Subprocess.check_output(%w[tput lines]).strip.to_i
 
         subprocess_env = ENV.to_h.dup
-        subprocess_env[KEY] = '1'
+        subprocess_env[KEY] = TRUE
         subprocess_env.merge!(env)
         @writer = Cased::CLI::Asciinema::Writer.new(
-          command: command.join(' '),
+          command: command,
           width: width,
           height: height,
         )

data/lib/cased/cli/session.rb

@@ -22,9 +22,7 @@ module Cased
       # If we're inside of a recorded session we can lookup the session
       # we're in.
       def self.current
-        return @current if defined?(@current)
-
-        @current = if ENV['GUARD_SESSION_ID']
+        @current ||= if ENV['GUARD_SESSION_ID']
           Cased::CLI::Session.find(ENV['GUARD_SESSION_ID'])
         end
       end
@@ -121,7 +119,7 @@ module Cased
       def initialize(reason: nil, command: nil, metadata: {}, authentication: nil)
         @authentication = authentication || Cased::CLI::Authentication.new
         @reason = reason
-        @command = command
+        @command = command || [$PROGRAM_NAME, *ARGV].join(' ')
         @metadata = metadata
         @requester = {}
         @responder = {}
@@ -201,7 +199,7 @@ module Cased
       end
 
       def record
-        return unless recordable? && record_output?
+        return false unless recordable? && record_output?
 
         Cased::CLI::Log.log 'CLI session is now recording'
 

data/lib/cased/config.rb

@@ -26,6 +26,19 @@ module Cased
     #    end
     attr_reader :http_read_timeout
 
+    # The Cased HTTP URL. Defaults to https://app.cased.com
+    #
+    # @example
+    #    CASED_URL="https://app.cased.com" rails server
+    #
+    # @example
+    #    Cased.configure do |config|
+    #      config.url = "https://app.cased.com"
+    #    end
+    #
+    # @return [String]
+    attr_accessor :url
+
     # The Cased HTTP API URL. Defaults to https://api.cased.com
     #
     # @example
@@ -62,7 +75,7 @@ module Cased
     #    Cased.configure do |config|
     #      config.guard_deny_if_unreachable = true
     #    end
-    attr_accessor :guard_deny_if_unreachable
+    attr_reader :guard_deny_if_unreachable
 
     # The URL to publish audit events to. Defaults to https://publish.cased.com
     #
@@ -140,11 +153,12 @@ module Cased
       @http_read_timeout = ENV.fetch('CASED_HTTP_READ_TIMEOUT', 10).to_i
       @http_open_timeout = ENV.fetch('CASED_HTTP_OPEN_TIMEOUT', 5).to_i
       @raise_on_errors = !ENV['CASED_RAISE_ON_ERRORS'].nil?
+      @url = ENV.fetch('CASED_URL', 'https://app.cased.com')
       @api_url = ENV.fetch('CASED_API_URL', 'https://api.cased.com')
       @publish_url = ENV.fetch('CASED_PUBLISH_URL', 'https://publish.cased.com')
       @guard_application_key = ENV['GUARD_APPLICATION_KEY']
       @guard_user_token = ENV['GUARD_USER_TOKEN']
-      @guard_deny_if_unreachable = parse_bool(ENV['DENY_IF_UNREACHABLE'])
+      self.guard_deny_if_unreachable = ENV['DENY_IF_UNREACHABLE']
       @publish_key = ENV['CASED_PUBLISH_KEY']
       @silence = !ENV['CASED_SILENCE'].nil?
       @policy_keys = Hash.new do |hash, key|
@@ -199,6 +213,10 @@ module Cased
       @silence || !ENV['CASED_SILENCE'].nil?
     end
 
+    def guard_deny_if_unreachable=(value)
+      @guard_deny_if_unreachable = parse_bool(value)
+    end
+
     def guard_deny_if_unreachable?
       @guard_deny_if_unreachable
     end

data/lib/cased/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Cased
-  VERSION = '0.4.0'
+  VERSION = '0.4.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cased-ruby
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Garrett Bjerkhoel
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-02 00:00:00.000000000 Z
+date: 2021-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport