cerbos 0.1.0
- checksums.yaml +7 -0
- data/.yardopts +9 -0
- data/CHANGELOG.md +9 -0
- data/LICENSE.txt +190 -0
- data/README.md +67 -0
- data/cerbos.gemspec +36 -0
- data/lib/cerbos/client.rb +188 -0
- data/lib/cerbos/error.rb +112 -0
- data/lib/cerbos/input/attributes.rb +29 -0
- data/lib/cerbos/input/aux_data.rb +26 -0
- data/lib/cerbos/input/jwt.rb +38 -0
- data/lib/cerbos/input/principal.rb +63 -0
- data/lib/cerbos/input/resource.rb +63 -0
- data/lib/cerbos/input/resource_check.rb +35 -0
- data/lib/cerbos/input/resource_query.rb +55 -0
- data/lib/cerbos/input.rb +36 -0
- data/lib/cerbos/mutual_tls.rb +33 -0
- data/lib/cerbos/output/check_resources.rb +226 -0
- data/lib/cerbos/output/plan_resources.rb +149 -0
- data/lib/cerbos/output/server_info.rb +38 -0
- data/lib/cerbos/output.rb +37 -0
- data/lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb +48 -0
- data/lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb +23 -0
- data/lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb +166 -0
- data/lib/cerbos/protobuf/cerbos/policy/v1/policy_pb.rb +247 -0
- data/lib/cerbos/protobuf/cerbos/request/v1/request_pb.rb +178 -0
- data/lib/cerbos/protobuf/cerbos/response/v1/response_pb.rb +230 -0
- data/lib/cerbos/protobuf/cerbos/schema/v1/schema_pb.rb +37 -0
- data/lib/cerbos/protobuf/cerbos/svc/v1/svc_pb.rb +21 -0
- data/lib/cerbos/protobuf/cerbos/svc/v1/svc_services_pb.rb +73 -0
- data/lib/cerbos/protobuf/cerbos/telemetry/v1/telemetry_pb.rb +99 -0
- data/lib/cerbos/protobuf/google/api/annotations_pb.rb +17 -0
- data/lib/cerbos/protobuf/google/api/expr/v1alpha1/checked_pb.rb +117 -0
- data/lib/cerbos/protobuf/google/api/expr/v1alpha1/syntax_pb.rb +113 -0
- data/lib/cerbos/protobuf/google/api/field_behavior_pb.rb +27 -0
- data/lib/cerbos/protobuf/google/api/http_pb.rb +39 -0
- data/lib/cerbos/protobuf/protoc-gen-openapiv2/options/annotations_pb.rb +21 -0
- data/lib/cerbos/protobuf/protoc-gen-openapiv2/options/openapiv2_pb.rb +200 -0
- data/lib/cerbos/protobuf/validate/validate_pb.rb +293 -0
- data/lib/cerbos/protobuf.rb +9 -0
- data/lib/cerbos/tls.rb +24 -0
- data/lib/cerbos/version.rb +6 -0
- data/lib/cerbos.rb +22 -0
- data/yard_extensions.rb +33 -0
- metadata +107 -0
@@ -0,0 +1,293 @@
|
|
1
|
+
# Generated by the protocol buffer compiler. DO NOT EDIT!
|
2
|
+
# source: validate/validate.proto
|
3
|
+
|
4
|
+
require 'google/protobuf'
|
5
|
+
|
6
|
+
require 'google/protobuf/descriptor_pb'
|
7
|
+
require 'google/protobuf/duration_pb'
|
8
|
+
require 'google/protobuf/timestamp_pb'
|
9
|
+
|
10
|
+
Google::Protobuf::DescriptorPool.generated_pool.build do
|
11
|
+
add_file("validate/validate.proto", :syntax => :proto2) do
|
12
|
+
add_message "validate.FieldRules" do
|
13
|
+
optional :message, :message, 17, "validate.MessageRules", json_name: "message"
|
14
|
+
oneof :type do
|
15
|
+
optional :float, :message, 1, "validate.FloatRules", json_name: "float"
|
16
|
+
optional :double, :message, 2, "validate.DoubleRules", json_name: "double"
|
17
|
+
optional :int32, :message, 3, "validate.Int32Rules", json_name: "int32"
|
18
|
+
optional :int64, :message, 4, "validate.Int64Rules", json_name: "int64"
|
19
|
+
optional :uint32, :message, 5, "validate.UInt32Rules", json_name: "uint32"
|
20
|
+
optional :uint64, :message, 6, "validate.UInt64Rules", json_name: "uint64"
|
21
|
+
optional :sint32, :message, 7, "validate.SInt32Rules", json_name: "sint32"
|
22
|
+
optional :sint64, :message, 8, "validate.SInt64Rules", json_name: "sint64"
|
23
|
+
optional :fixed32, :message, 9, "validate.Fixed32Rules", json_name: "fixed32"
|
24
|
+
optional :fixed64, :message, 10, "validate.Fixed64Rules", json_name: "fixed64"
|
25
|
+
optional :sfixed32, :message, 11, "validate.SFixed32Rules", json_name: "sfixed32"
|
26
|
+
optional :sfixed64, :message, 12, "validate.SFixed64Rules", json_name: "sfixed64"
|
27
|
+
optional :bool, :message, 13, "validate.BoolRules", json_name: "bool"
|
28
|
+
optional :string, :message, 14, "validate.StringRules", json_name: "string"
|
29
|
+
optional :bytes, :message, 15, "validate.BytesRules", json_name: "bytes"
|
30
|
+
optional :enum, :message, 16, "validate.EnumRules", json_name: "enum"
|
31
|
+
optional :repeated, :message, 18, "validate.RepeatedRules", json_name: "repeated"
|
32
|
+
optional :map, :message, 19, "validate.MapRules", json_name: "map"
|
33
|
+
optional :any, :message, 20, "validate.AnyRules", json_name: "any"
|
34
|
+
optional :duration, :message, 21, "validate.DurationRules", json_name: "duration"
|
35
|
+
optional :timestamp, :message, 22, "validate.TimestampRules", json_name: "timestamp"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
add_message "validate.FloatRules" do
|
39
|
+
optional :const, :float, 1, json_name: "const"
|
40
|
+
optional :lt, :float, 2, json_name: "lt"
|
41
|
+
optional :lte, :float, 3, json_name: "lte"
|
42
|
+
optional :gt, :float, 4, json_name: "gt"
|
43
|
+
optional :gte, :float, 5, json_name: "gte"
|
44
|
+
repeated :in, :float, 6, json_name: "in"
|
45
|
+
repeated :not_in, :float, 7, json_name: "notIn"
|
46
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
47
|
+
end
|
48
|
+
add_message "validate.DoubleRules" do
|
49
|
+
optional :const, :double, 1, json_name: "const"
|
50
|
+
optional :lt, :double, 2, json_name: "lt"
|
51
|
+
optional :lte, :double, 3, json_name: "lte"
|
52
|
+
optional :gt, :double, 4, json_name: "gt"
|
53
|
+
optional :gte, :double, 5, json_name: "gte"
|
54
|
+
repeated :in, :double, 6, json_name: "in"
|
55
|
+
repeated :not_in, :double, 7, json_name: "notIn"
|
56
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
57
|
+
end
|
58
|
+
add_message "validate.Int32Rules" do
|
59
|
+
optional :const, :int32, 1, json_name: "const"
|
60
|
+
optional :lt, :int32, 2, json_name: "lt"
|
61
|
+
optional :lte, :int32, 3, json_name: "lte"
|
62
|
+
optional :gt, :int32, 4, json_name: "gt"
|
63
|
+
optional :gte, :int32, 5, json_name: "gte"
|
64
|
+
repeated :in, :int32, 6, json_name: "in"
|
65
|
+
repeated :not_in, :int32, 7, json_name: "notIn"
|
66
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
67
|
+
end
|
68
|
+
add_message "validate.Int64Rules" do
|
69
|
+
optional :const, :int64, 1, json_name: "const"
|
70
|
+
optional :lt, :int64, 2, json_name: "lt"
|
71
|
+
optional :lte, :int64, 3, json_name: "lte"
|
72
|
+
optional :gt, :int64, 4, json_name: "gt"
|
73
|
+
optional :gte, :int64, 5, json_name: "gte"
|
74
|
+
repeated :in, :int64, 6, json_name: "in"
|
75
|
+
repeated :not_in, :int64, 7, json_name: "notIn"
|
76
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
77
|
+
end
|
78
|
+
add_message "validate.UInt32Rules" do
|
79
|
+
optional :const, :uint32, 1, json_name: "const"
|
80
|
+
optional :lt, :uint32, 2, json_name: "lt"
|
81
|
+
optional :lte, :uint32, 3, json_name: "lte"
|
82
|
+
optional :gt, :uint32, 4, json_name: "gt"
|
83
|
+
optional :gte, :uint32, 5, json_name: "gte"
|
84
|
+
repeated :in, :uint32, 6, json_name: "in"
|
85
|
+
repeated :not_in, :uint32, 7, json_name: "notIn"
|
86
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
87
|
+
end
|
88
|
+
add_message "validate.UInt64Rules" do
|
89
|
+
optional :const, :uint64, 1, json_name: "const"
|
90
|
+
optional :lt, :uint64, 2, json_name: "lt"
|
91
|
+
optional :lte, :uint64, 3, json_name: "lte"
|
92
|
+
optional :gt, :uint64, 4, json_name: "gt"
|
93
|
+
optional :gte, :uint64, 5, json_name: "gte"
|
94
|
+
repeated :in, :uint64, 6, json_name: "in"
|
95
|
+
repeated :not_in, :uint64, 7, json_name: "notIn"
|
96
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
97
|
+
end
|
98
|
+
add_message "validate.SInt32Rules" do
|
99
|
+
optional :const, :sint32, 1, json_name: "const"
|
100
|
+
optional :lt, :sint32, 2, json_name: "lt"
|
101
|
+
optional :lte, :sint32, 3, json_name: "lte"
|
102
|
+
optional :gt, :sint32, 4, json_name: "gt"
|
103
|
+
optional :gte, :sint32, 5, json_name: "gte"
|
104
|
+
repeated :in, :sint32, 6, json_name: "in"
|
105
|
+
repeated :not_in, :sint32, 7, json_name: "notIn"
|
106
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
107
|
+
end
|
108
|
+
add_message "validate.SInt64Rules" do
|
109
|
+
optional :const, :sint64, 1, json_name: "const"
|
110
|
+
optional :lt, :sint64, 2, json_name: "lt"
|
111
|
+
optional :lte, :sint64, 3, json_name: "lte"
|
112
|
+
optional :gt, :sint64, 4, json_name: "gt"
|
113
|
+
optional :gte, :sint64, 5, json_name: "gte"
|
114
|
+
repeated :in, :sint64, 6, json_name: "in"
|
115
|
+
repeated :not_in, :sint64, 7, json_name: "notIn"
|
116
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
117
|
+
end
|
118
|
+
add_message "validate.Fixed32Rules" do
|
119
|
+
optional :const, :fixed32, 1, json_name: "const"
|
120
|
+
optional :lt, :fixed32, 2, json_name: "lt"
|
121
|
+
optional :lte, :fixed32, 3, json_name: "lte"
|
122
|
+
optional :gt, :fixed32, 4, json_name: "gt"
|
123
|
+
optional :gte, :fixed32, 5, json_name: "gte"
|
124
|
+
repeated :in, :fixed32, 6, json_name: "in"
|
125
|
+
repeated :not_in, :fixed32, 7, json_name: "notIn"
|
126
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
127
|
+
end
|
128
|
+
add_message "validate.Fixed64Rules" do
|
129
|
+
optional :const, :fixed64, 1, json_name: "const"
|
130
|
+
optional :lt, :fixed64, 2, json_name: "lt"
|
131
|
+
optional :lte, :fixed64, 3, json_name: "lte"
|
132
|
+
optional :gt, :fixed64, 4, json_name: "gt"
|
133
|
+
optional :gte, :fixed64, 5, json_name: "gte"
|
134
|
+
repeated :in, :fixed64, 6, json_name: "in"
|
135
|
+
repeated :not_in, :fixed64, 7, json_name: "notIn"
|
136
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
137
|
+
end
|
138
|
+
add_message "validate.SFixed32Rules" do
|
139
|
+
optional :const, :sfixed32, 1, json_name: "const"
|
140
|
+
optional :lt, :sfixed32, 2, json_name: "lt"
|
141
|
+
optional :lte, :sfixed32, 3, json_name: "lte"
|
142
|
+
optional :gt, :sfixed32, 4, json_name: "gt"
|
143
|
+
optional :gte, :sfixed32, 5, json_name: "gte"
|
144
|
+
repeated :in, :sfixed32, 6, json_name: "in"
|
145
|
+
repeated :not_in, :sfixed32, 7, json_name: "notIn"
|
146
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
147
|
+
end
|
148
|
+
add_message "validate.SFixed64Rules" do
|
149
|
+
optional :const, :sfixed64, 1, json_name: "const"
|
150
|
+
optional :lt, :sfixed64, 2, json_name: "lt"
|
151
|
+
optional :lte, :sfixed64, 3, json_name: "lte"
|
152
|
+
optional :gt, :sfixed64, 4, json_name: "gt"
|
153
|
+
optional :gte, :sfixed64, 5, json_name: "gte"
|
154
|
+
repeated :in, :sfixed64, 6, json_name: "in"
|
155
|
+
repeated :not_in, :sfixed64, 7, json_name: "notIn"
|
156
|
+
optional :ignore_empty, :bool, 8, json_name: "ignoreEmpty"
|
157
|
+
end
|
158
|
+
add_message "validate.BoolRules" do
|
159
|
+
optional :const, :bool, 1, json_name: "const"
|
160
|
+
end
|
161
|
+
add_message "validate.StringRules" do
|
162
|
+
optional :const, :string, 1, json_name: "const"
|
163
|
+
optional :len, :uint64, 19, json_name: "len"
|
164
|
+
optional :min_len, :uint64, 2, json_name: "minLen"
|
165
|
+
optional :max_len, :uint64, 3, json_name: "maxLen"
|
166
|
+
optional :len_bytes, :uint64, 20, json_name: "lenBytes"
|
167
|
+
optional :min_bytes, :uint64, 4, json_name: "minBytes"
|
168
|
+
optional :max_bytes, :uint64, 5, json_name: "maxBytes"
|
169
|
+
optional :pattern, :string, 6, json_name: "pattern"
|
170
|
+
optional :prefix, :string, 7, json_name: "prefix"
|
171
|
+
optional :suffix, :string, 8, json_name: "suffix"
|
172
|
+
optional :contains, :string, 9, json_name: "contains"
|
173
|
+
optional :not_contains, :string, 23, json_name: "notContains"
|
174
|
+
repeated :in, :string, 10, json_name: "in"
|
175
|
+
repeated :not_in, :string, 11, json_name: "notIn"
|
176
|
+
optional :strict, :bool, 25, default: true, json_name: "strict"
|
177
|
+
optional :ignore_empty, :bool, 26, json_name: "ignoreEmpty"
|
178
|
+
oneof :well_known do
|
179
|
+
optional :email, :bool, 12, json_name: "email"
|
180
|
+
optional :hostname, :bool, 13, json_name: "hostname"
|
181
|
+
optional :ip, :bool, 14, json_name: "ip"
|
182
|
+
optional :ipv4, :bool, 15, json_name: "ipv4"
|
183
|
+
optional :ipv6, :bool, 16, json_name: "ipv6"
|
184
|
+
optional :uri, :bool, 17, json_name: "uri"
|
185
|
+
optional :uri_ref, :bool, 18, json_name: "uriRef"
|
186
|
+
optional :address, :bool, 21, json_name: "address"
|
187
|
+
optional :uuid, :bool, 22, json_name: "uuid"
|
188
|
+
optional :well_known_regex, :enum, 24, "validate.KnownRegex", json_name: "wellKnownRegex"
|
189
|
+
end
|
190
|
+
end
|
191
|
+
add_message "validate.BytesRules" do
|
192
|
+
optional :const, :bytes, 1, json_name: "const"
|
193
|
+
optional :len, :uint64, 13, json_name: "len"
|
194
|
+
optional :min_len, :uint64, 2, json_name: "minLen"
|
195
|
+
optional :max_len, :uint64, 3, json_name: "maxLen"
|
196
|
+
optional :pattern, :string, 4, json_name: "pattern"
|
197
|
+
optional :prefix, :bytes, 5, json_name: "prefix"
|
198
|
+
optional :suffix, :bytes, 6, json_name: "suffix"
|
199
|
+
optional :contains, :bytes, 7, json_name: "contains"
|
200
|
+
repeated :in, :bytes, 8, json_name: "in"
|
201
|
+
repeated :not_in, :bytes, 9, json_name: "notIn"
|
202
|
+
optional :ignore_empty, :bool, 14, json_name: "ignoreEmpty"
|
203
|
+
oneof :well_known do
|
204
|
+
optional :ip, :bool, 10, json_name: "ip"
|
205
|
+
optional :ipv4, :bool, 11, json_name: "ipv4"
|
206
|
+
optional :ipv6, :bool, 12, json_name: "ipv6"
|
207
|
+
end
|
208
|
+
end
|
209
|
+
add_message "validate.EnumRules" do
|
210
|
+
optional :const, :int32, 1, json_name: "const"
|
211
|
+
optional :defined_only, :bool, 2, json_name: "definedOnly"
|
212
|
+
repeated :in, :int32, 3, json_name: "in"
|
213
|
+
repeated :not_in, :int32, 4, json_name: "notIn"
|
214
|
+
end
|
215
|
+
add_message "validate.MessageRules" do
|
216
|
+
optional :skip, :bool, 1, json_name: "skip"
|
217
|
+
optional :required, :bool, 2, json_name: "required"
|
218
|
+
end
|
219
|
+
add_message "validate.RepeatedRules" do
|
220
|
+
optional :min_items, :uint64, 1, json_name: "minItems"
|
221
|
+
optional :max_items, :uint64, 2, json_name: "maxItems"
|
222
|
+
optional :unique, :bool, 3, json_name: "unique"
|
223
|
+
optional :items, :message, 4, "validate.FieldRules", json_name: "items"
|
224
|
+
optional :ignore_empty, :bool, 5, json_name: "ignoreEmpty"
|
225
|
+
end
|
226
|
+
add_message "validate.MapRules" do
|
227
|
+
optional :min_pairs, :uint64, 1, json_name: "minPairs"
|
228
|
+
optional :max_pairs, :uint64, 2, json_name: "maxPairs"
|
229
|
+
optional :no_sparse, :bool, 3, json_name: "noSparse"
|
230
|
+
optional :keys, :message, 4, "validate.FieldRules", json_name: "keys"
|
231
|
+
optional :values, :message, 5, "validate.FieldRules", json_name: "values"
|
232
|
+
optional :ignore_empty, :bool, 6, json_name: "ignoreEmpty"
|
233
|
+
end
|
234
|
+
add_message "validate.AnyRules" do
|
235
|
+
optional :required, :bool, 1, json_name: "required"
|
236
|
+
repeated :in, :string, 2, json_name: "in"
|
237
|
+
repeated :not_in, :string, 3, json_name: "notIn"
|
238
|
+
end
|
239
|
+
add_message "validate.DurationRules" do
|
240
|
+
optional :required, :bool, 1, json_name: "required"
|
241
|
+
optional :const, :message, 2, "google.protobuf.Duration", json_name: "const"
|
242
|
+
optional :lt, :message, 3, "google.protobuf.Duration", json_name: "lt"
|
243
|
+
optional :lte, :message, 4, "google.protobuf.Duration", json_name: "lte"
|
244
|
+
optional :gt, :message, 5, "google.protobuf.Duration", json_name: "gt"
|
245
|
+
optional :gte, :message, 6, "google.protobuf.Duration", json_name: "gte"
|
246
|
+
repeated :in, :message, 7, "google.protobuf.Duration", json_name: "in"
|
247
|
+
repeated :not_in, :message, 8, "google.protobuf.Duration", json_name: "notIn"
|
248
|
+
end
|
249
|
+
add_message "validate.TimestampRules" do
|
250
|
+
optional :required, :bool, 1, json_name: "required"
|
251
|
+
optional :const, :message, 2, "google.protobuf.Timestamp", json_name: "const"
|
252
|
+
optional :lt, :message, 3, "google.protobuf.Timestamp", json_name: "lt"
|
253
|
+
optional :lte, :message, 4, "google.protobuf.Timestamp", json_name: "lte"
|
254
|
+
optional :gt, :message, 5, "google.protobuf.Timestamp", json_name: "gt"
|
255
|
+
optional :gte, :message, 6, "google.protobuf.Timestamp", json_name: "gte"
|
256
|
+
optional :lt_now, :bool, 7, json_name: "ltNow"
|
257
|
+
optional :gt_now, :bool, 8, json_name: "gtNow"
|
258
|
+
optional :within, :message, 9, "google.protobuf.Duration", json_name: "within"
|
259
|
+
end
|
260
|
+
add_enum "validate.KnownRegex" do
|
261
|
+
value :UNKNOWN, 0
|
262
|
+
value :HTTP_HEADER_NAME, 1
|
263
|
+
value :HTTP_HEADER_VALUE, 2
|
264
|
+
end
|
265
|
+
end
|
266
|
+
end
|
267
|
+
|
268
|
+
module Cerbos::Protobuf::Validate
|
269
|
+
FieldRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.FieldRules").msgclass
|
270
|
+
FloatRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.FloatRules").msgclass
|
271
|
+
DoubleRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.DoubleRules").msgclass
|
272
|
+
Int32Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.Int32Rules").msgclass
|
273
|
+
Int64Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.Int64Rules").msgclass
|
274
|
+
UInt32Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.UInt32Rules").msgclass
|
275
|
+
UInt64Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.UInt64Rules").msgclass
|
276
|
+
SInt32Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.SInt32Rules").msgclass
|
277
|
+
SInt64Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.SInt64Rules").msgclass
|
278
|
+
Fixed32Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.Fixed32Rules").msgclass
|
279
|
+
Fixed64Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.Fixed64Rules").msgclass
|
280
|
+
SFixed32Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.SFixed32Rules").msgclass
|
281
|
+
SFixed64Rules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.SFixed64Rules").msgclass
|
282
|
+
BoolRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.BoolRules").msgclass
|
283
|
+
StringRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.StringRules").msgclass
|
284
|
+
BytesRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.BytesRules").msgclass
|
285
|
+
EnumRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.EnumRules").msgclass
|
286
|
+
MessageRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.MessageRules").msgclass
|
287
|
+
RepeatedRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.RepeatedRules").msgclass
|
288
|
+
MapRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.MapRules").msgclass
|
289
|
+
AnyRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.AnyRules").msgclass
|
290
|
+
DurationRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.DurationRules").msgclass
|
291
|
+
TimestampRules = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.TimestampRules").msgclass
|
292
|
+
KnownRegex = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("validate.KnownRegex").enummodule
|
293
|
+
end
|
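--- a/data/lib/cerbos/tls.rb
+++ b/data/lib/cerbos/tls.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Cerbos
+# Settings for encrypting the gRPC connection with TLS.
+class TLS
+# The PEM-encoded certificates of root certificate authorities used to verify the server certificate.
+#
+# @return [String]
+# @return [nil] if using the public roots bundled with the `grpc` gem.
+attr_reader :root_certificates_pem
+
+# Create settings for encrypting the gRPC connection with TLS.
+#
+# @param root_certificates_pem [String, nil] the PEM-encoded certificates of root certificate authorities used to verify the server certificate (`nil` to use the public roots bundled with the `grpc` gem).
+def initialize(root_certificates_pem: nil)
+@root_certificates_pem = root_certificates_pem
+end
+
+# @private
+def to_channel_credentials
+GRPC::Core::ChannelCredentials.new(root_certificates_pem)
+end
+end
+end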
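Review bot: `initialize` stores `root_certificates_pem` without any check, so a caller who passes a file path, an empty string or a non-String object instead of PEM text learns of the mistake only when `to_channel_credentials` hands the value to `GRPC::Core::ChannelCredentials.new`, far from the call site. How the gRPC core treats such values is not visible here, so the trust anchors actually used in that case should be confirmed rather than assumed. Failing early would make the misconfiguration obvious: `raise ArgumentError, "root_certificates_pem must be a PEM string or nil" unless root_certificates_pem.nil? || root_certificates_pem.is_a?(String)`. The `@param` text would also benefit from stating that the value is the certificate contents, not a path to a file.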
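--- a/data/lib/cerbos.rb
+++ b/data/lib/cerbos.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "google/protobuf"
+require "google/protobuf/well_known_types"
+require "grpc"
+require "securerandom"
+require "time"
+
+# Namespace for the `cerbos` gem.
+#
+# Create a {Client} instance to interact with the Cerbos policy decision point server over gRPC.
+module Cerbos
+end
+
+require_relative "cerbos/client"
+require_relative "cerbos/input"
+require_relative "cerbos/error"
+require_relative "cerbos/output"
+require_relative "cerbos/protobuf"
+require_relative "cerbos/tls"
+require_relative "cerbos/mutual_tls"
+require_relative "cerbos/version"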
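--- a/data/yard_extensions.rb
+++ b/data/yard_extensions.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module CerbosOutputNewClassHandler
+def process
+if statement[1].call? && statement[1][0][0] == s(:const, "Output") && statement[1][2] == s(:ident, "new_class")
+process_output_new_class(statement)
+else
+super
+end
+end
+
+private
+
+def process_output_new_class(statement)
+proxy = P(namespace, statement[0].source)
+output_class = YARD::CodeObjects::ClassObject.new(proxy.namespace, proxy.name)
+register output_class
+
+attributes = extract_parameters(statement[1])
+
+attributes.each do |attribute|
+register YARD::CodeObjects::MethodObject.new(output_class, attribute, :instance) do |method|
+output_class.attributes[:instance][attribute] = SymbolHash[read: method, write: nil]
+end
+end
+
+parse_block statement[1].block[1], namespace: output_class unless statement[1].block.nil?
+
+output_class.child(name: :from_protobuf, scope: :class)&.visibility = :private
+end
+end
+
+YARD::Handlers::Ruby::ConstantHandler.include CerbosOutputNewClassHandler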
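Review bot: `CerbosOutputNewClassHandler` carries no comment, so a reader has to decode the AST indexing in `process` to learn what it matches. From the visible code it appears to intercept constant assignments whose right-hand side is a call to `Output.new_class`, register the constant as a class with read-only instance attributes, and mark `from_protobuf` private; a header such as `# Documents constants assigned from Output.new_class(...) as classes with read-only attributes.` above the module would say so. The last line deserves its own one-line comment as well, because including the module changes `ConstantHandler` for every YARD run that loads this file, and the file is listed among the files shipped in the gem.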
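--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: cerbos
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Cerbos
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-05-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: grpc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.45'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.45'
+description: Perform authorization in Ruby applications by interacting with the Cerbos
+policy decision point.
+email:
+- help@cerbos.dev
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".yardopts"
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- cerbos.gemspec
+- lib/cerbos.rb
+- lib/cerbos/client.rb
+- lib/cerbos/error.rb
+- lib/cerbos/input.rb
+- lib/cerbos/input/attributes.rb
+- lib/cerbos/input/aux_data.rb
+- lib/cerbos/input/jwt.rb
+- lib/cerbos/input/principal.rb
+- lib/cerbos/input/resource.rb
+- lib/cerbos/input/resource_check.rb
+- lib/cerbos/input/resource_query.rb
+- lib/cerbos/mutual_tls.rb
+- lib/cerbos/output.rb
+- lib/cerbos/output/check_resources.rb
+- lib/cerbos/output/plan_resources.rb
+- lib/cerbos/output/server_info.rb
+- lib/cerbos/protobuf.rb
+- lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb
+- lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb
+- lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb
+- lib/cerbos/protobuf/cerbos/policy/v1/policy_pb.rb
+- lib/cerbos/protobuf/cerbos/request/v1/request_pb.rb
+- lib/cerbos/protobuf/cerbos/response/v1/response_pb.rb
+- lib/cerbos/protobuf/cerbos/schema/v1/schema_pb.rb
+- lib/cerbos/protobuf/cerbos/svc/v1/svc_pb.rb
+- lib/cerbos/protobuf/cerbos/svc/v1/svc_services_pb.rb
+- lib/cerbos/protobuf/cerbos/telemetry/v1/telemetry_pb.rb
+- lib/cerbos/protobuf/google/api/annotations_pb.rb
+- lib/cerbos/protobuf/google/api/expr/v1alpha1/checked_pb.rb
+- lib/cerbos/protobuf/google/api/expr/v1alpha1/syntax_pb.rb
+- lib/cerbos/protobuf/google/api/field_behavior_pb.rb
+- lib/cerbos/protobuf/google/api/http_pb.rb
+- lib/cerbos/protobuf/protoc-gen-openapiv2/options/annotations_pb.rb
+- lib/cerbos/protobuf/protoc-gen-openapiv2/options/openapiv2_pb.rb
+- lib/cerbos/protobuf/validate/validate_pb.rb
+- lib/cerbos/tls.rb
+- lib/cerbos/version.rb
+- yard_extensions.rb
+homepage: https://github.com/cerbos/cerbos-sdk-ruby
+licenses:
+- Apache-2.0
+metadata:
+bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
+changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
+documentation_uri: https://www.rubydoc.info/gems/cerbos/0.1.0
+homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
+source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
+rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.3.13
+signing_key:
+specification_version: 4
+summary: Client library for authorization via Cerbos
+test_files: []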