cedar_policy 0.2.0-aarch64-linux → 0.3.0-aarch64-linux

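--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 53c1536ca6c17b8b9f0cb372ccdf13b9e20f5593ce6ef66c59dd82e67fd1cb0d
- data.tar.gz: 35018cac5ec285f39caefa582efda651d55799e1ac49c91cf49039fcd3e949fc
+ metadata.gz: 15f0f7de2d28a43c51d7afbd053a3ceb8cc3053210a39e13eb67fd3d28318e29
+ data.tar.gz: 8fff203747eb2d0f4166d645df27a4922778ea0f1d8985feb80af03e7852912a
  SHA512:
- metadata.gz: 0d9420fff10850008dde2faa6d6ed251bf322133026da85f77ec6bc0395493801d16fdec2364b6b50194bd3fddc04eb7d8e4c8a7c3b14e21551fea82d2b6a0e5
- data.tar.gz: 7882dea8c62f646c77569d59531649cf49081888bbcb72f6970246397f5eb88d4acd0e29ca623ab47263b946cab71fd21be0b1de3df33fbf0663ca49360504e8
+ metadata.gz: 39726569003faa5c96d838b6fab22062b7f9f73d2060641d6e9072f35abc250e4beec9715ff411dee86f839cd6a5edeed05fcd783f134d3817cc30919ec60b64
+ data.tar.gz: 5bcefad5bc12c1b9eda5a97ffea73e1caa14be304bc116919fe87673f1871fa1f21402da38b0e2cf165134d9b157f45a82ea85458f82156fce959c664e0c3a67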
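--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,6 +1,8 @@
  AllCops:
  NewCops: enable
  TargetRubyVersion: 3.0
+ SuggestExtensions: false
+
 
  Style/StringLiterals:
  EnforcedStyle: double_quotes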
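--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,10 @@ If bundler is not being used to manage dependencies, install the gem by executin
  > [!WARNING]
  > This gem is still under development and the API may change in the future.
 
+ ### PolicySet
+
+ Define a policy by Cedar Language:
+
  ```ruby
  policy = <<~POLICY
  permit(
@@ -27,28 +31,75 @@ policy = <<~POLICY
  );
  POLICY
  policy_set = CedarPolicy::PolicySet.new(policy)
+ ```
+
+ > Currently, the single policy is not supported.
 
- principal = CedarPolicy::EntityUid.new("User", "1")
+ ### Request
+
+ Prepare the Entity's ID via `EntityUid` or an object with `#to_hash` method which returns a hash with `:type` and `:id` keys.
+
+ ```ruby
+ principal = CedarPolicy::EntityUid.new("User", "1") # or { type: "User", id: "1" }
  action = CedarPolicy::EntityUid.new("Action", "view")
  resource = CedarPolicy::EntityUid.new("Image", "1")
- ctx = CedarPolicy::Context.new
+ ```
 
+ The `Context` object is used to store the request context. Use `Context` or an object with `#to_hash` method which returns a hash.
+
+ ```ruby
+ ctx = CedarPolicy::Context.new({ ip: "127.0.0.1" }) # or { ip: "127.0.0.1" }
+ ```
+ > The `Context` object can initialize without any arguments as an empty context.
+
+ Create a `Request` object with the principal, action, resource, and context.
+
+ ```ruby
  request = CedarPolicy::Request.new(principal, action, resource, ctx)
+ ```
 
+ ### Entities
+
+ Define the entities with related this request. It should be an array of `Entity` objects which have `#to_hash` method returns a hash with `:uid`,`:attrs`, and `:parents` keys.
+
+ ```ruby
  entities = CedarPolicy::Entities.new([
  CedarPolicy::Entity.new(
  CedarPolicy::EntityUid.new("User", "1"),
- { role: "admin" }
- )
+ { role: "admin" },
+ [] # Parents' EntityUid
+ ),
+ {
+ uid: { type: "Image", id: "1" },
+ attrs: {},
+ parents: []
+ }
  ])
+ ```
 
+ ### Authorizer
+
+ Create an `Authorizer` object and authorize the request with the policy set and entities.
+
+ ```ruby
  authorizer = CedarPolicy::Authorizer.new
+ ```
+
+ If boolean result is enough, use `#authorize?` method.
+
+ ```ruby
  authorizer.authorize?(request, policy_set, entities) # => true
+ ```
 
+ If you want to get the decision object, use `#authorize` method.
+
+ ```ruby
  response = authorizer.authorize(request, policy_set, entities)
  response.decision # => CedarPolicy::Decision::ALLOW
  ```
 
+ > The diagnostics is not supported yet in the response.
+
  ## Roadmap
 
  * [ ] Add DSL to improve developer experience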
Binary file
Binary file
Binary file
Binary file
@@ -3,8 +3,20 @@
3
3
  module CedarPolicy
4
4
  # :nodoc:
5
5
  class Entities
6
+ include Enumerable
7
+
6
8
  def initialize(entities = [])
7
- @entities = Set.new(entities)
9
+ @entities = Set.new(entities.map do |entity|
10
+ next entity if entity.is_a?(Entity)
11
+
12
+ Entity.new(*entity.values_at(:uid, :attrs, :parents))
13
+ end)
14
+ end
15
+
16
+ def each(&block)
17
+ return enum_for(:each) unless block_given?
18
+
19
+ @entities.each(&block)
8
20
  end
9
21
 
10
22
  def to_ary
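Review bot: `Entities#initialize` builds non-`Entity` items with `Entity.new(*entity.values_at(:uid, :attrs, :parents))`, and `values_at` returns nil for an absent key, so a hash whose `:attrs` or `:parents` key is misspelled or string-keyed is accepted silently with nil attributes and no parents instead of being rejected. The same pattern in `Entity#initialize` in the next section, `EntityUid.new(*uid.values_at(:type, :id))`, turns an incomplete or string-keyed uid hash into an `EntityUid` with empty type and id, because `EntityUid#initialize` calls `to_s` on nil. For data that feeds an authorization decision it is safer to fail on a malformed shape: `h = entity.to_hash` then `Entity.new(h.fetch(:uid), h.fetch(:attrs, {}), h.fetch(:parents, []))`, and `EntityUid.new(uid.fetch(:type), uid.fetch(:id))`. Calling `to_hash` first would also match the README, which promises support for any object with a `#to_hash` method, while the code calls `values_at` directly. The class body continues past the end of this hunk.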
@@ -6,15 +6,19 @@ module CedarPolicy
6
6
  attr_reader :uid, :attrs, :parents
7
7
 
8
8
  def initialize(uid, attrs = {}, parents = [])
9
- raise ArgumentError unless uid.is_a?(EntityUid)
9
+ raise ArgumentError unless uid.is_a?(EntityUid) || uid.is_a?(Hash)
10
10
 
11
- @uid = uid
11
+ @uid = if uid.is_a?(EntityUid)
12
+ uid
13
+ else
14
+ EntityUid.new(*uid.values_at(:type, :id))
15
+ end
12
16
  @attrs = attrs
13
17
  @parents = Set.new(parents)
14
18
  end
15
19
 
16
- def ==(other)
17
- hahs == other.hash
20
+ def eql?(other)
21
+ hash == other.hash
18
22
  end
19
23
 
20
24
  def hash
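Review bot: `eql?` treats any two objects with the same `hash` integer as equal, and since `Set` relies on `hash` plus `eql?`, a hash collision between two different entities would make `Entities` keep only one of them; `EntityUid#eql?` in the next section has the same shape. Equality should check the class and the same fields that `hash` is built from, for example `other.is_a?(self.class) && uid.eql?(other.uid)` if `hash` is derived from `uid` only (its body is outside this hunk, so confirm). The rename also drops `==` from `Entity` in the visible lines, whereas `EntityUid` keeps it via `alias == eql?`; adding the same alias here would keep `entity == other` working for existing callers.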
@@ -8,11 +8,14 @@ module CedarPolicy
8
8
  def initialize(type_name, id)
9
9
  @type_name = type_name.to_s
10
10
  @id = id.to_s
11
+
12
+ freeze
11
13
  end
12
14
 
13
- def ==(other)
15
+ def eql?(other)
14
16
  hash == other.hash
15
17
  end
18
+ alias == eql?
16
19
 
17
20
  def hash
18
21
  [self.class, @type_name, @id].hash
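Review bot: The added `freeze` freezes the `EntityUid` itself but not the strings it holds: `to_s` returns the receiver when the argument is already a String, so `@type_name` and `@id` can still be the caller's mutable objects. Mutating one of them after construction changes the value `hash` returns, which silently breaks membership in the `Set`s built in `Entities` and `Entity` and changes which principal or resource the uid denotes. Copying and freezing at assignment closes this: `@type_name = type_name.to_s.dup.freeze` and `@id = id.to_s.dup.freeze`. The class body continues outside the hunk.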
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module CedarPolicy
4
- VERSION = "0.2.0"
4
+ VERSION = "0.3.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cedar_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: aarch64-linux
6
6
  authors:
7
7
  - Aotokitsuruya
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-08-14 00:00:00.000000000 Z
11
+ date: 2024-09-07 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Ruby bindings for Cedar policy evaluation engine.
14
14
  email: