cedar_policy 0.2.0-x86_64-darwin → 0.3.0-x86_64-darwin

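--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fce44693f09d56711a213ce02a119e8440fad3ac73cef24a72344d943efe6a39
- data.tar.gz: 6fd283eaa41422ef8693c03e66724dcf1764a571a8372af88cddc55b0fa5e86f
+ metadata.gz: 1f1d5ac3c49b355c06fc93d1cd5d03f1b58e9d85a16a64523f781e5cdc1c6624
+ data.tar.gz: ddc3c1ba57167a3107ed345cf1d5ed51f2f48e9c9831e25a338d953fbde366ea
  SHA512:
- metadata.gz: 765e7d6fdacac0d270779889ad0262884928e76df799b23e54a58d609791b08e9e843311d8f699a224b5718402279a9a84559ff4ecc18d42c01d45c480102b4a
- data.tar.gz: 5e400f787263f9234f80aa812dc9fe5cc8c2f0bb3fe9acb11ce6d4a56a98516bd95254bab1454a51a9a566d909a68b8d28fc92e95cef482061887c0bcd5f59a5
+ metadata.gz: ecf2f04de628205249c01e60940cb10d7b6d710d8953d2e4c40fc526ae7a5ee4065d4530649b6708d6112d72ee56f87f1da3c8d1d5dbd574a849475dc3f91036
+ data.tar.gz: 7bebaefb23125cbdf10941cabbd5887abdeef46c9324c768de8346b65de86782231043daaaa18315ac5c3767e2343c79a1d03cb0b7201f25f22823707ffd5697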
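--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -1,6 +1,8 @@
  AllCops:
  NewCops: enable
  TargetRubyVersion: 3.0
+ SuggestExtensions: false
+
 
  Style/StringLiterals:
  EnforcedStyle: double_quotes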
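--- a/data/README.md
+++ b/data/README.md
@@ -18,6 +18,10 @@ If bundler is not being used to manage dependencies, install the gem by executin
  > [!WARNING]
  > This gem is still under development and the API may change in the future.
 
+ ### PolicySet
+
+ Define a policy by Cedar Language:
+
  ```ruby
  policy = <<~POLICY
  permit(
@@ -27,28 +31,75 @@ policy = <<~POLICY
  );
  POLICY
  policy_set = CedarPolicy::PolicySet.new(policy)
+ ```
+
+ > Currently, the single policy is not supported.
 
- principal = CedarPolicy::EntityUid.new("User", "1")
+ ### Request
+
+ Prepare the Entity's ID via `EntityUid` or an object with `#to_hash` method which returns a hash with `:type` and `:id` keys.
+
+ ```ruby
+ principal = CedarPolicy::EntityUid.new("User", "1") # or { type: "User", id: "1" }
  action = CedarPolicy::EntityUid.new("Action", "view")
  resource = CedarPolicy::EntityUid.new("Image", "1")
- ctx = CedarPolicy::Context.new
+ ```
 
+ The `Context` object is used to store the request context. Use `Context` or an object with `#to_hash` method which returns a hash.
+
+ ```ruby
+ ctx = CedarPolicy::Context.new({ ip: "127.0.0.1" }) # or { ip: "127.0.0.1" }
+ ```
+ > The `Context` object can initialize without any arguments as an empty context.
+
+ Create a `Request` object with the principal, action, resource, and context.
+
+ ```ruby
  request = CedarPolicy::Request.new(principal, action, resource, ctx)
+ ```
 
+ ### Entities
+
+ Define the entities with related this request. It should be an array of `Entity` objects which have `#to_hash` method returns a hash with `:uid`,`:attrs`, and `:parents` keys.
+
+ ```ruby
  entities = CedarPolicy::Entities.new([
  CedarPolicy::Entity.new(
  CedarPolicy::EntityUid.new("User", "1"),
- { role: "admin" }
- )
+ { role: "admin" },
+ [] # Parents' EntityUid
+ ),
+ {
+ uid: { type: "Image", id: "1" },
+ attrs: {},
+ parents: []
+ }
  ])
+ ```
 
+ ### Authorizer
+
+ Create an `Authorizer` object and authorize the request with the policy set and entities.
+
+ ```ruby
  authorizer = CedarPolicy::Authorizer.new
+ ```
+
+ If boolean result is enough, use `#authorize?` method.
+
+ ```ruby
  authorizer.authorize?(request, policy_set, entities) # => true
+ ```
 
+ If you want to get the decision object, use `#authorize` method.
+
+ ```ruby
  response = authorizer.authorize(request, policy_set, entities)
  response.decision # => CedarPolicy::Decision::ALLOW
  ```
 
+ > The diagnostics is not supported yet in the response.
+
  ## Roadmap
 
  * [ ] Add DSL to improve developer experience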
@@ -3,8 +3,20 @@
3
3
  module CedarPolicy
4
4
  # :nodoc:
5
5
  class Entities
6
+ include Enumerable
7
+
6
8
  def initialize(entities = [])
7
- @entities = Set.new(entities)
9
+ @entities = Set.new(entities.map do |entity|
10
+ next entity if entity.is_a?(Entity)
11
+
12
+ Entity.new(*entity.values_at(:uid, :attrs, :parents))
13
+ end)
14
+ end
15
+
16
+ def each(&block)
17
+ return enum_for(:each) unless block_given?
18
+
19
+ @entities.each(&block)
8
20
  end
9
21
 
10
22
  def to_ary
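Review bot: The non-`Entity` branch of `initialize` calls `entity.values_at(:uid, :attrs, :parents)` directly, so a missing or string-keyed field is passed as an explicit `nil` that overrides the `attrs = {}` / `parents = []` defaults of `Entity#initialize`, and an object that only implements `#to_hash` (what the README describes) raises `NoMethodError`. Because this input feeds an authorization decision, malformed entities should fail loudly rather than be silently emptied: `h = entity.to_hash` followed by `Entity.new(h.fetch(:uid), h.fetch(:attrs, {}), h.fetch(:parents, []))`. The same pattern in the `Entity#initialize` hunk, `EntityUid.new(*uid.values_at(:type, :id))`, turns a hash without symbol `:type`/`:id` keys into an `EntityUid` of two empty strings, since that constructor calls `to_s` on `nil`; `uid.fetch(:type)` and `uid.fetch(:id)` would raise instead. The class body continues past `def to_ary`, outside the hunk.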
@@ -6,15 +6,19 @@ module CedarPolicy
6
6
  attr_reader :uid, :attrs, :parents
7
7
 
8
8
  def initialize(uid, attrs = {}, parents = [])
9
- raise ArgumentError unless uid.is_a?(EntityUid)
9
+ raise ArgumentError unless uid.is_a?(EntityUid) || uid.is_a?(Hash)
10
10
 
11
- @uid = uid
11
+ @uid = if uid.is_a?(EntityUid)
12
+ uid
13
+ else
14
+ EntityUid.new(*uid.values_at(:type, :id))
15
+ end
12
16
  @attrs = attrs
13
17
  @parents = Set.new(parents)
14
18
  end
15
19
 
16
- def ==(other)
17
- hahs == other.hash
20
+ def eql?(other)
21
+ hash == other.hash
18
22
  end
19
23
 
20
24
  def hash
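Review bot: `eql?` is defined as `hash == other.hash`, which accepts any object that happens to produce the same hash value; `Set` and `Hash` call `eql?` precisely to tell colliding keys apart, so it should compare class and fields, for example `other.is_a?(self.class) && uid == other.uid`, extended with whatever else the `hash` body uses (that body lies outside the hunk). The hunk also removes `==` without a replacement, so `Entity#==` falls back to object identity while the `EntityUid` hunk adds `alias == eql?`; adding the same alias here keeps the two classes consistent. `EntityUid#eql?` in the next hunk uses the same hash-only comparison and would take the equivalent change, comparing the class, type name and id directly.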
@@ -8,11 +8,14 @@ module CedarPolicy
8
8
  def initialize(type_name, id)
9
9
  @type_name = type_name.to_s
10
10
  @id = id.to_s
11
+
12
+ freeze
11
13
  end
12
14
 
13
- def ==(other)
15
+ def eql?(other)
14
16
  hash == other.hash
15
17
  end
18
+ alias == eql?
16
19
 
17
20
  def hash
18
21
  [self.class, @type_name, @id].hash
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module CedarPolicy
4
- VERSION = "0.2.0"
4
+ VERSION = "0.3.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cedar_policy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: x86_64-darwin
6
6
  authors:
7
7
  - Aotokitsuruya
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2024-08-14 00:00:00.000000000 Z
11
+ date: 2024-09-07 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Ruby bindings for Cedar policy evaluation engine.
14
14
  email: