cedar_policy 0.1.0-x86_64-linux → 0.4.0-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c93f5a166a34ec6a625ff7a71a5e0c3fa86344800ae6d86e25e8439deca113e9
-  data.tar.gz: a12660fe79173812012a860b0988b65d5f1115f26b80b1add35718664f8b4406
+  metadata.gz: e88b4b6af42c4f2193942a2617df23db000e0d0f39bd694ed3992956ac3f2936
+  data.tar.gz: 58210782b8b702de789a11c8fe3d6355309ec03f1ad7be34caaf4be324c9c623
 SHA512:
-  metadata.gz: 6ea250afe20690355534bc1020a0abf0519dfb638f61ad2bd0867bbbe2e7ee92d59fd34f15c3ae976300b743b3436049aa5055a99b68a47b334e1315a9ee4af1
-  data.tar.gz: 459f3f84c16aa45a11c6e2be93ba0c4196a64eaac9f7e5f9f549aae53333d2f234715a62068f6301a1f8cebbc4e25a20e31a8f9d4f41c2e5677a28f27ee6d60a
+  metadata.gz: 4410cbaf721c6c169e4df32686084b2ed76c26e9734dc0b8ed1893fe192c3e7a154fd4d6c09794079cc10135a7b90659c782e89e19b6f4a852b7f10c810db40e
+  data.tar.gz: 374db2e353a5293677bf69c53012756707663738e8b9f45f1919cb9fd9197596fad540ea7cd4e281d7c98eb1bd422bca28580e51152c40892559d3330c8df9ae

data/.cross_rubies

@@ -1,23 +1,19 @@
 3.0.0:aarch64-linux
-3.0.0:arm-linux
 3.0.0:arm64-darwin
 3.0.0:x64-mingw32
 3.0.0:x86_64-darwin
 3.0.0:x86_64-linux
 3.1.0:aarch64-linux
-3.1.0:arm-linux
 3.1.0:arm64-darwin
 3.1.0:x64-mingw-ucrt
 3.1.0:x86_64-darwin
 3.1.0:x86_64-linux
 3.2.0:aarch64-linux
-3.2.0:arm-linux
 3.2.0:arm64-darwin
 3.2.0:x64-mingw-ucrt
 3.2.0:x86_64-darwin
 3.2.0:x86_64-linux
 3.3.0:aarch64-linux
-3.3.0:arm-linux
 3.3.0:arm64-darwin
 3.3.0:x64-mingw-ucrt
 3.3.0:x86_64-darwin

data/.release-please-manifest.json

@@ -0,0 +1 @@
+{".":"0.4.0"}

data/.rubocop.yml

@@ -1,6 +1,8 @@
 AllCops:
   NewCops: enable
   TargetRubyVersion: 3.0
+  SuggestExtensions: false
+
 
 Style/StringLiterals:
   EnforcedStyle: double_quotes

data/CHANGELOG.md

@@ -0,0 +1,13 @@
+# Changelog
+
+## [0.4.0](https://github.com/elct9620/cedar-policy-rb/compare/cedar_policy-v0.3.0...cedar_policy/v0.4.0) (2024-10-06)
+
+
+### Features
+
+* **deps:** upgrade cedar-policy to v4.1.0 ([61d6fa1](https://github.com/elct9620/cedar-policy-rb/commit/61d6fa1a59ab2edd71972410c1d9d697fde60776))
+
+
+### Bug Fixes
+
+* commitizen hook file bundled into gem ([b0c9c77](https://github.com/elct9620/cedar-policy-rb/commit/b0c9c77459ec614bfd4698d804969adb9b4bccc1))

data/README.md

@@ -1,24 +1,112 @@
-# CedarPolicy
+Cedar Policy
+===
 
-TODO: Delete this and the text below, and describe your gem
-
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/cedar_policy`. To experiment with that code, run `bin/console` for an interactive prompt.
+Ruby bindings for Cedar policy evaluation engine.
 
 ## Installation
 
-TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
-
 Install the gem and add to the application's Gemfile by executing:
 
-    $ bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+    $ bundle add cedar_policy
 
 If bundler is not being used to manage dependencies, install the gem by executing:
 
-    $ gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+    $ gem install cedar_policy
 
 ## Usage
 
-TODO: Write usage instructions here
+> [!WARNING]
+> This gem is still under development and the API may change in the future.
+
+### PolicySet
+
+Define a policy by Cedar Language:
+
+```ruby
+policy = <<~POLICY
+          permit(
+            principal == AdminUser::"1",
+            action == Action::"view",
+            resource
+          );
+        POLICY
+policy_set = CedarPolicy::PolicySet.new(policy)
+```
+
+> Currently, the single policy is not supported.
+
+### Request
+
+Prepare the Entity's ID via `EntityUid` or an object with `#to_hash` method which returns a hash with `:type` and `:id` keys.
+
+```ruby
+principal = CedarPolicy::EntityUid.new("User", "1") # or { type: "User", id: "1" }
+action = CedarPolicy::EntityUid.new("Action", "view")
+resource = CedarPolicy::EntityUid.new("Image", "1")
+```
+
+The `Context` object is used to store the request context. Use `Context` or an object with `#to_hash` method which returns a hash.
+
+```ruby
+ctx = CedarPolicy::Context.new({ ip: "127.0.0.1" }) # or { ip: "127.0.0.1" }
+```
+> The `Context` object can initialize without any arguments as an empty context.
+
+Create a `Request` object with the principal, action, resource, and context.
+
+```ruby
+request = CedarPolicy::Request.new(principal, action, resource, ctx)
+```
+
+### Entities
+
+Define the entities with related this request. It should be an array of `Entity` objects which have `#to_hash` method returns a hash with `:uid`,`:attrs`, and `:parents` keys.
+
+```ruby
+entities = CedarPolicy::Entities.new([
+    CedarPolicy::Entity.new(
+        CedarPolicy::EntityUid.new("User", "1"),
+        { role: "admin" },
+        [] # Parents' EntityUid
+    ),
+    {
+        uid: { type: "Image", id: "1" },
+        attrs: {},
+        parents: []
+    }
+])
+```
+
+### Authorizer
+
+Create an `Authorizer` object and authorize the request with the policy set and entities.
+
+```ruby
+authorizer = CedarPolicy::Authorizer.new
+```
+
+If boolean result is enough, use `#authorize?` method.
+
+```ruby
+authorizer.authorize?(request, policy_set, entities) # => true
+```
+
+If you want to get the decision object, use `#authorize` method.
+
+```ruby
+response = authorizer.authorize(request, policy_set, entities)
+response.decision # => CedarPolicy::Decision::ALLOW
+```
+
+> The diagnostics is not supported yet in the response.
+
+## Roadmap
+
+* [ ] Add DSL to improve developer experience
+* [ ] Add batch authorization support
+* [x] Diagnostics return with response
+* [ ] Validator support
+* [ ] Schema support
 
 ## Development
 
@@ -28,7 +116,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/cedar_policy.
+Bug reports and pull requests are welcome on GitHub at https://github.com/elct9620/cedar-policy-rb.
 
 ## License
 

data/lib/cedar_policy/context.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Context
+    def initialize(context = {})
+      @context = context
+    end
+
+    def to_hash
+      CedarPolicy.deep_serialize(@context)
+    end
+  end
+end

data/lib/cedar_policy/entities.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Entities
+    include Enumerable
+
+    def initialize(entities = [])
+      @entities = Set.new(entities.map do |entity|
+        next entity if entity.is_a?(Entity)
+
+        Entity.new(*entity.values_at(:uid, :attrs, :parents))
+      end)
+    end
+
+    def each(&block)
+      return enum_for(:each) unless block_given?
+
+      @entities.each(&block)
+    end
+
+    def to_ary
+      @entities.map { |entity| CedarPolicy.deep_serialize(entity) }
+    end
+  end
+end

data/lib/cedar_policy/entity.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class Entity
+    attr_reader :uid, :attrs, :parents
+
+    def initialize(uid, attrs = {}, parents = [])
+      raise ArgumentError unless uid.is_a?(EntityUid) || uid.is_a?(Hash)
+
+      @uid = if uid.is_a?(EntityUid)
+               uid
+             else
+               EntityUid.new(*uid.values_at(:type, :id))
+             end
+      @attrs = attrs
+      @parents = Set.new(parents)
+    end
+
+    def eql?(other)
+      hash == other.hash
+    end
+
+    def hash
+      [self.class, @uid].hash
+    end
+
+    def to_hash
+      {
+        uid: @uid,
+        attrs: @attrs,
+        parents: @parents.to_a
+      }
+    end
+  end
+end

data/lib/cedar_policy/entity_uid.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module CedarPolicy
+  # :nodoc:
+  class EntityUid
+    attr_reader :type_name, :id
+
+    def initialize(type_name, id)
+      @type_name = type_name.to_s
+      @id = id.to_s
+
+      freeze
+    end
+
+    def eql?(other)
+      hash == other.hash
+    end
+    alias == eql?
+
+    def hash
+      [self.class, @type_name, @id].hash
+    end
+
+    def to_str
+      "#{@type_name}::#{@id.inspect}"
+    end
+    alias to_s to_str
+    alias inspect to_str
+
+    def to_hash
+      { type: @type_name, id: @id }
+    end
+  end
+end

data/lib/cedar_policy/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module CedarPolicy
-  VERSION = "0.1.0"
+  VERSION = "0.4.0"
 end

data/lib/cedar_policy.rb

@@ -1,9 +1,29 @@
 # frozen_string_literal: true
 
+require "json"
+require "set"
+
 require_relative "cedar_policy/version"
 require_relative "cedar_policy/cedar_policy"
+require_relative "cedar_policy/entity_uid"
+require_relative "cedar_policy/entity"
+require_relative "cedar_policy/entities"
+require_relative "cedar_policy/context"
 
+# :nodoc:
 module CedarPolicy
   class Error < StandardError; end
-  # Your code goes here...
+
+  def self.deep_serialize(input)
+    input.to_hash.each_with_object({}) do |(key, value), output|
+      output[key.to_sym] =
+        case value
+        when ->(h) { h.respond_to?(:to_hash) } then deep_serialize(value)
+        when Array
+          value.map { |item| item.respond_to?(:to_hash) ? deep_serialize(item) : item }
+        else
+          value
+        end
+    end
+  end
 end

data/release-please-config.json

@@ -0,0 +1,17 @@
+{
+  "release-type": "ruby",
+  "last-release-sha": "7d06a6458e9805cc6ec05f456c650708cc9d9e9f",
+  "packages": {
+    ".":{
+        "release-type": "ruby",
+        "version-file": "lib/cedar_policy/version.rb"
+      }
+  },
+  "extra-files": [
+    {
+      "type": "toml",
+      "path": "ext/cedar_policy/Cargo.toml",
+      "jsonpath": "$.package.version"
+    }
+  ]
+}

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cedar_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.4.0
 platform: x86_64-linux
 authors:
 - Aotokitsuruya
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-08-13 00:00:00.000000000 Z
+date: 2024-10-06 00:00:00.000000000 Z
 dependencies: []
 description: Ruby bindings for Cedar policy evaluation engine.
 email:
@@ -18,8 +18,10 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".cross_rubies"
+- ".release-please-manifest.json"
 - ".rspec"
 - ".rubocop.yml"
+- CHANGELOG.md
 - LICENSE.txt
 - README.md
 - Rakefile
@@ -28,7 +30,12 @@ files:
 - lib/cedar_policy/3.1/cedar_policy.so
 - lib/cedar_policy/3.2/cedar_policy.so
 - lib/cedar_policy/3.3/cedar_policy.so
+- lib/cedar_policy/context.rb
+- lib/cedar_policy/entities.rb
+- lib/cedar_policy/entity.rb
+- lib/cedar_policy/entity_uid.rb
 - lib/cedar_policy/version.rb
+- release-please-config.json
 - sig/cedar_policy.rbs
 homepage: https://github.com/elct9620/cedar-policy-rb
 licenses: