cerbos 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/cerbos/client.rb +20 -1
- data/lib/cerbos/output/check_resources.rb +18 -1
- data/lib/cerbos/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41c6a1f790cc09bff5f0c542d5338161730c4c649e66074afb381af8581637d3
|
|
4
|
+
data.tar.gz: f7fbd30bc55b357b1a0a77d1da2e48d06cf9af1fe4cfc44947c879e661a81768
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e0bbda1a092e1ec55fe9565765609fd0ed3dd77a4fa12f627cddbb1b7b48177d423114a9e8d21a454e2fcfd9257e6ce82da303f4f3df82d2d24d766519734100
|
|
7
|
+
data.tar.gz: 525b97f8aee44d35fe4039ab75ecad4315f79fedd0f2ad94a2b308fa99700579e8800009a38735ebdfc3a9f462aae230f71ef637ab682fc461c2d40cb6a897cb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
No notable changes.
|
|
3
3
|
|
|
4
|
+
## [0.3.0] - 2022-05-13
|
|
5
|
+
### Added
|
|
6
|
+
- More helper methods ([#11](https://github.com/cerbos/cerbos-sdk-ruby/pull/11))
|
|
7
|
+
- `Cerbos::Client#allow?` for checking a single action on a resource
|
|
8
|
+
- `Cerbos::Output::CheckResources#allow_all?` and `Cerbos::Output::CheckResources::Result#allow_all?` for checking if all input actions were allowed
|
|
9
|
+
|
|
4
10
|
## [0.2.0] - 2022-05-12
|
|
5
11
|
### Changed
|
|
6
12
|
- Increased `grpc` version requirement to 1.46+ to avoid [installing a native gem compiled for `x86_64-darwin` on `arm64-darwin`](https://github.com/grpc/grpc/issues/29100) ([#8](https://github.com/cerbos/cerbos-sdk-ruby/pull/8))
|
|
@@ -9,6 +15,7 @@ No notable changes.
|
|
|
9
15
|
### Added
|
|
10
16
|
- Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
|
|
11
17
|
|
|
12
|
-
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.
|
|
18
|
+
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...HEAD
|
|
19
|
+
[0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
|
|
13
20
|
[0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
|
|
14
21
|
[0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0
|
data/lib/cerbos/client.rb
CHANGED
|
@@ -44,11 +44,30 @@ module Cerbos
|
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
+
# Check if a principal is allowed to perform an action on a resource.
|
|
48
|
+
#
|
|
49
|
+
# @param principal [Input::Principal, Hash] the principal to check.
|
|
50
|
+
# @param resource [Input::Resource, Hash] the resource to check.
|
|
51
|
+
# @param action [String] the action to check.
|
|
52
|
+
# @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
|
|
53
|
+
# @param request_id [String] identifier for tracing the request.
|
|
54
|
+
#
|
|
55
|
+
# @return [Boolean]
|
|
56
|
+
def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
|
|
57
|
+
check_resource(
|
|
58
|
+
principal: principal,
|
|
59
|
+
resource: resource,
|
|
60
|
+
actions: [action],
|
|
61
|
+
aux_data: aux_data,
|
|
62
|
+
request_id: request_id
|
|
63
|
+
).allow?(action)
|
|
64
|
+
end
|
|
65
|
+
|
|
47
66
|
# Check a principal's permissions on a resource.
|
|
48
67
|
#
|
|
49
68
|
# @param principal [Input::Principal, Hash] the principal to check.
|
|
50
69
|
# @param resource [Input::Resource, Hash] the resource to check.
|
|
51
|
-
# @param actions [
|
|
70
|
+
# @param actions [Array<String>] the actions to check.
|
|
52
71
|
# @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
|
|
53
72
|
# @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
|
|
54
73
|
# @param request_id [String] identifier for tracing the request.
|
|
@@ -23,7 +23,7 @@ module Cerbos
|
|
|
23
23
|
)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
# Check the policy decision was that an action should be allowed for a resource.
|
|
26
|
+
# Check if the policy decision was that an action should be allowed for a resource.
|
|
27
27
|
#
|
|
28
28
|
# @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
|
|
29
29
|
# @param action [String] the action to check.
|
|
@@ -34,6 +34,16 @@ module Cerbos
|
|
|
34
34
|
find_result(resource)&.allow?(action)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
# Check if the policy decision was that all input actions should be allowed for a resource.
|
|
38
|
+
#
|
|
39
|
+
# @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
|
|
40
|
+
#
|
|
41
|
+
# @return [Boolean]
|
|
42
|
+
# @return [nil] if the resource is not present in the results.
|
|
43
|
+
def allow_all?(resource)
|
|
44
|
+
find_result(resource)&.allow_all?
|
|
45
|
+
end
|
|
46
|
+
|
|
37
47
|
# Find an item from {#results} by resource.
|
|
38
48
|
#
|
|
39
49
|
# @param resource [Input::Resource, Hash] the resource search criteria. `kind` and `id` are required; `policy_version` and `scope` may also be provided if needed to distinguish between multiple results for the same `kind` and `id`.
|
|
@@ -95,6 +105,13 @@ module Cerbos
|
|
|
95
105
|
actions[action]&.eql?(:EFFECT_ALLOW)
|
|
96
106
|
end
|
|
97
107
|
|
|
108
|
+
# Check if the policy decision was that all input actions should be allowed for the resource.
|
|
109
|
+
#
|
|
110
|
+
# @return [Boolean]
|
|
111
|
+
def allow_all?
|
|
112
|
+
actions.each_value.all? { |effect| effect == :EFFECT_ALLOW }
|
|
113
|
+
end
|
|
114
|
+
|
|
98
115
|
# List the actions that should be allowed for the resource.
|
|
99
116
|
#
|
|
100
117
|
# @return [Array<String>]
|
data/lib/cerbos/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cerbos
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cerbos
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: grpc
|
|
@@ -81,7 +81,7 @@ licenses:
|
|
|
81
81
|
metadata:
|
|
82
82
|
bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
|
|
83
83
|
changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
|
|
84
|
-
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.
|
|
84
|
+
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.3.0
|
|
85
85
|
homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
|
86
86
|
source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
|
87
87
|
rubygems_mfa_required: 'true'
|