cerbos 0.11.0 → 0.12.0

data/lib/cerbos/hub/stores/input/change_details.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Input
+        # Metadata describing a change that was made to a store.
+        class ChangeDetails
+          # Description of the change.
+          #
+          # @return [String]
+          attr_reader :description
+
+          # Origin of the change.
+          #
+          # @return [Origin]
+          # @return [nil] if not provided
+          attr_reader :origin
+
+          # Metadata describing the uploader who made the change.
+          #
+          # @return [Uploader]
+          # @return [nil] if not provided
+          attr_reader :uploader
+
+          # Specify metadata describing a change that was made to a store.
+          #
+          # @param description [String] description of the change.
+          # @param origin [Origin, Hash, nil] origin of the change.
+          # @param uploader [Uploader, Hash, nil] metadata describing the uploader who made the change.
+          def initialize(description: "", origin: nil, uploader: nil)
+            @description = description
+            @origin = Cerbos::Input.coerce_optional(origin, Origin)
+            @uploader = Cerbos::Input.coerce_optional(uploader, Uploader)
+          end
+
+          # @private
+          def to_protobuf
+            Protobuf::Cerbos::Cloud::Store::V1::ChangeDetails.new(
+              description:,
+              origin: origin&.to_protobuf,
+              uploader: uploader&.to_protobuf
+            )
+          end
+        end
+      end
+    end
+  end
+end
+
+require_relative "change_details/origin"
+require_relative "change_details/uploader"

data/lib/cerbos/hub/stores/input/file_filter.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Input
+        # A filter to match files when listing store contents.
+        class FileFilter
+          # Match files by path.
+          #
+          # @return [StringMatch]
+          # @return [nil] if not provided
+          attr_reader :path
+
+          # Specify a filter to match files when listing store contents.
+          #
+          # @param path [StringMatch, Hash, nil] match files by path.
+          def initialize(path: nil)
+            @path = Cerbos::Input.coerce_optional(path, StringMatch)
+          end
+
+          # @private
+          def to_protobuf
+            Protobuf::Cerbos::Cloud::Store::V1::FileFilter.new(path: path&.to_protobuf)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/input/file_modification_condition.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Input
+        # A condition that must be met to make a file modification.
+        class FileModificationCondition
+          # Only modify files if the store version is equal to the provided value.
+          #
+          # @return [Integer]
+          attr_reader :store_version_must_equal
+
+          # Specify a condition that must be met to make a file modification.
+          #
+          # @param store_version_must_equal [Integer] only modify files if the store version is equal to the provided value.
+          def initialize(store_version_must_equal:)
+            @store_version_must_equal = store_version_must_equal
+          end
+
+          # @private
+          def to_protobuf_modify_files
+            Protobuf::Cerbos::Cloud::Store::V1::ModifyFilesRequest::Condition.new(store_version_must_equal:)
+          end
+
+          # @private
+          def to_protobuf_replace_files
+            Protobuf::Cerbos::Cloud::Store::V1::ReplaceFilesRequest::Condition.new(store_version_must_equal:)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/input/file_operation.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Input
+        # An operation modifying a file in a store.
+        #
+        # @abstract
+        class FileOperation
+          include AbstractClass
+
+          # Add or update a file.
+          class AddOrUpdate < FileOperation
+            # The file to add or update.
+            #
+            # @return [File]
+            attr_reader :file
+
+            # Specify a file to add or update.
+            #
+            # @param file [File, Hash] the file to add or update.
+            def initialize(file:)
+              @file = Cerbos::Input.coerce_required(file, File)
+            end
+
+            # @private
+            def to_protobuf
+              Protobuf::Cerbos::Cloud::Store::V1::FileOp.new(add_or_update: file.to_protobuf)
+            end
+          end
+
+          # Delete a file.
+          class Delete < FileOperation
+            # Path of the file to delete.
+            #
+            # @return [String]
+            attr_reader :path
+
+            # Specify a file to delete.
+            #
+            # @param path [String] path of the file to delete.
+            def initialize(path:)
+              @path = path
+            end
+
+            # @private
+            def to_protobuf
+              Protobuf::Cerbos::Cloud::Store::V1::FileOp.new(delete: path)
+            end
+          end
+
+          # @private
+          def self.from_h(**file_operation)
+            case file_operation
+            in add_or_update: file, **nil
+              AddOrUpdate.new(file:)
+            in delete: path, **nil
+              Delete.new(path:)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/input/string_match.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Input
+        # Filter to match a string.
+        #
+        # @abstract
+        class StringMatch
+          include AbstractClass
+
+          # Filter to match a string exactly.
+          class Equals < StringMatch
+            # The string to match.
+            #
+            # @return [String]
+            attr_reader :value
+
+            # Specify a filter to match a string exactly.
+            #
+            # @param value [String] the string to match.
+            def initialize(value:)
+              @value = value
+            end
+
+            # @private
+            def to_protobuf
+              Protobuf::Cerbos::Cloud::Store::V1::StringMatch.new(equals: value)
+            end
+          end
+
+          # Filter to match a string by a substring.
+          class Contains < StringMatch
+            # The substring to match.
+            #
+            # @return [String]
+            attr_reader :value
+
+            # Specify a filter to match a string by a substring.
+            #
+            # @param value [String] the substring to match.
+            def initialize(value:)
+              @value = value
+            end
+
+            # @private
+            def to_protobuf
+              Protobuf::Cerbos::Cloud::Store::V1::StringMatch.new(contains: value)
+            end
+          end
+
+          # Filter to match a string from a list.
+          class In < StringMatch
+            # The strings to match.
+            #
+            # @return [Array<String>]
+            attr_reader :values
+
+            # Specify a filter to match a string from a list.
+            #
+            # @param values [Array<String>] the strings to match.
+            def initialize(values:)
+              @values = values
+            end
+
+            # @private
+            def to_protobuf
+              Protobuf::Cerbos::Cloud::Store::V1::StringMatch.new(in: Protobuf::Cerbos::Cloud::Store::V1::StringMatch::InList.new(values:))
+            end
+          end
+
+          # @private
+          def self.from_h(**string_match)
+            case string_match
+            in equals: value, **nil
+              Equals.new(value:)
+            in contains: value, **nil
+              Contains.new(value:)
+            in in: values, **nil
+              In.new(values:)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/input.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      # Namespace for objects passed to {Client} methods.
+      module Input
+      end
+    end
+  end
+end
+
+require_relative "input/change_details"
+require_relative "input/file_filter"
+require_relative "input/file_modification_condition"
+require_relative "input/file_operation"
+require_relative "input/string_match"

data/lib/cerbos/hub/stores/output/get_files.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Output
+        # The outcome of getting files from a store.
+        #
+        # @see Client#get_files
+        GetFiles = Cerbos::Output.new_class(:store_version, :files) do
+          # @!attribute [r] store_version
+          #   The current version of the store.
+          #
+          #   @return [Integer]
+
+          # @!attribute [r] files
+          #   Paths of the files that were found in the store.
+          #
+          #   @return [Array<File>]
+
+          def self.from_protobuf(get_files)
+            new(
+              store_version: get_files.store_version,
+              files: get_files.files.map { |file| File.from_protobuf(file) }
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/output/list_files.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Output
+        # The outcome of listing files in a store.
+        #
+        # @see Client#list_files
+        ListFiles = Cerbos::Output.new_class(:store_version, :files) do
+          # @!attribute [r] store_version
+          #   The current version of the store.
+          #
+          #   @return [Integer]
+
+          # @!attribute [r] files
+          #   Paths of the files that were found in the store.
+          #
+          #   @return [Array<String>]
+
+          def self.from_protobuf(list_files)
+            new(
+              store_version: list_files.store_version,
+              files: list_files.files
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/output/modify_files.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Output
+        # The outcome of modifying files in a store.
+        #
+        # @see Client#modify_files
+        ModifyFiles = Cerbos::Output.new_class(:new_store_version, :changed) do
+          # @!attribute [r] new_store_version
+          #   The new version of the store after the files were replaced.
+          #
+          #   If `allow_unchanged` was `true`, this will be the existing store version if no changes were made.
+          #
+          #   @return [Integer]
+
+          # @!attribute [r] changed
+          #   Whether any changes were made to the store contents.
+          #
+          #   This can only be `false` if `allow_unchanged` was `true`.
+          #
+          #   @return [Boolean]
+
+          def self.from_protobuf(modify_files)
+            new(
+              new_store_version: modify_files.new_store_version,
+              changed: true
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/output/replace_files.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      module Output
+        # The outcome of replacing files in a store.
+        #
+        # @see Client#replace_files
+        ReplaceFiles = Cerbos::Output.new_class(:new_store_version, :ignored_files, :changed) do
+          # @!attribute [r] new_store_version
+          #   The new version of the store after the files were replaced.
+          #
+          #   If `allow_unchanged` was `true`, this will be the existing store version if no changes were made.
+          #
+          #   @return [Integer]
+
+          # @!attribute [r] ignored_files
+          #   Paths of files that were provided in the request but were ignored.
+          #
+          #   Files with unexpected paths, for example hidden files, will be ignored.
+          #
+          #   @return [Array<String>]
+
+          # @!attribute [r] changed
+          #   Whether any changes were made to the store contents.
+          #
+          #   This can only be `false` if `allow_unchanged` was `true`.
+          #
+          #   @return [Boolean]
+
+          def self.from_protobuf(replace_files)
+            new(
+              new_store_version: replace_files.new_store_version,
+              ignored_files: replace_files.ignored_files,
+              changed: true
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cerbos/hub/stores/output.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    module Stores
+      # Namespace for objects returned by {Client} methods.
+      module Output
+      end
+    end
+  end
+end
+
+require_relative "output/get_files"
+require_relative "output/list_files"
+require_relative "output/modify_files"
+require_relative "output/replace_files"

data/lib/cerbos/hub/stores.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Hub
+    # Namespace for interacting with {https://docs.cerbos.dev/cerbos-hub/policy-stores policy stores}.
+    module Stores
+    end
+  end
+end
+
+require_relative "stores/client"
+require_relative "stores/error"
+require_relative "stores/file"
+require_relative "stores/input"
+require_relative "stores/output"

data/lib/cerbos/hub.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Cerbos
+  # Namespace for clients for interacting with {https://www.cerbos.dev/product-cerbos-hub Cerbos Hub}.
+  module Hub
+  end
+end
+
+require_relative "hub/access_token"
+require_relative "hub/circuit_breaker"
+require_relative "hub/service"
+require_relative "hub/stores"

data/lib/cerbos/input.rb

@@ -7,9 +7,10 @@ module Cerbos
     def self.coerce_required(value, to_class)
       raise ArgumentError, "Value is required" if value.nil?
       return value if value.is_a?(to_class)
+      return to_class.from_h(**value) if to_class.respond_to?(:from_h)
 
       to_class.new(**value)
-    rescue ArgumentError, TypeError => error
+    rescue ArgumentError, NoMatchingPatternError, TypeError => error
       raise Error::InvalidArgument.new(details: "Failed to create #{to_class.name} from #{value.inspect}: #{error}")
     end