cerbos 0.3.0 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -1
- data/README.md +10 -0
- data/lib/cerbos/client.rb +36 -5
- data/lib/cerbos/error.rb +16 -1
- data/lib/cerbos/input/attributes.rb +14 -1
- data/lib/cerbos/input/resource_query.rb +1 -1
- data/lib/cerbos/output/check_resources.rb +18 -41
- data/lib/cerbos/output/plan_resources.rb +7 -1
- data/lib/cerbos/output/validation_error.rb +45 -0
- data/lib/cerbos/output.rb +1 -0
- data/lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb +16 -0
- data/lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb +64 -33
- data/lib/cerbos/protobuf/cerbos/request/v1/request_pb.rb +1 -1
- data/lib/cerbos/protobuf/cerbos/response/v1/response_pb.rb +3 -27
- data/lib/cerbos/protobuf/cerbos/telemetry/v1/telemetry_pb.rb +65 -41
- data/lib/cerbos/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e21f0359fb0e125e0e3a6d4ecf9ac0c12e254ab464b4ad67e8d6213fd2974ed5
|
4
|
+
data.tar.gz: a959dfdc08af3b960b58cd78c953925fba3b88b5db915bb30f94d3f32b810cb9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e89b9ec5168b7215d9b9c1ad86ed8a34404f3cd3db2b6bf44889b319fc3ab5520d2ea5eb74f22e99d955e544cfb43ca925dc597763c8ae782a645ee5b086c4b
|
7
|
+
data.tar.gz: e7ddf0d6071cd1ac4f607617b95e0987d11d72d34feeda6742d034f2ff212ca01dd0ef57abb94e2d54e578cd5bd5929e0ff2dab3844835cad557b9b9b062b10e
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,27 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
No notable changes.
|
3
3
|
|
4
|
+
## [0.6.0] - 2022-07-01
|
5
|
+
### Added
|
6
|
+
- Support for schema validation in `Cerbos::Client#plan_resources` ([#32](https://github.com/cerbos/cerbos-sdk-ruby/pull/32))
|
7
|
+
|
8
|
+
Requires Cerbos 0.19+.
|
9
|
+
`Cerbos::Output::PlanResources#validation_errors` will always return an empty array if the client is connected to an earlier version of Cerbos.
|
10
|
+
|
11
|
+
As a result, `Cerbos::Output::CheckResources::Result::ValidationError` has moved to `Cerbos::Output::ValidationError`.
|
12
|
+
Attempting to access the class via the old namespace will print a deprecation warning and return the new class.
|
13
|
+
|
14
|
+
## [0.5.0] - 2022-06-09
|
15
|
+
### Added
|
16
|
+
- Allow symbol keys in nested attributes hashes ([#28](https://github.com/cerbos/cerbos-sdk-ruby/pull/28))
|
17
|
+
|
18
|
+
## [0.4.0] - 2022-06-03
|
19
|
+
### Added
|
20
|
+
- `on_validation_error` option to `Cerbos::Client#initialize` ([#22](https://github.com/cerbos/cerbos-sdk-ruby/pull/22))
|
21
|
+
|
22
|
+
### Changed
|
23
|
+
- Minor documentation fixes ([#21](https://github.com/cerbos/cerbos-sdk-ruby/pull/21))
|
24
|
+
|
4
25
|
## [0.3.0] - 2022-05-13
|
5
26
|
### Added
|
6
27
|
- More helper methods ([#11](https://github.com/cerbos/cerbos-sdk-ruby/pull/11))
|
@@ -15,7 +36,10 @@ No notable changes.
|
|
15
36
|
### Added
|
16
37
|
- Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
|
17
38
|
|
18
|
-
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.
|
39
|
+
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.0...HEAD
|
40
|
+
[0.6.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...v0.6.0
|
41
|
+
[0.5.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.4.0...v0.5.0
|
42
|
+
[0.4.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...v0.4.0
|
19
43
|
[0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
|
20
44
|
[0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
|
21
45
|
[0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0
|
data/README.md
CHANGED
@@ -53,3 +53,13 @@ decision.allow?("edit") # => false
|
|
53
53
|
```
|
54
54
|
|
55
55
|
For more details, [see the `Client` documentation](https://www.rubydoc.info/gems/cerbos/Cerbos/Client).
|
56
|
+
|
57
|
+
## Further reading
|
58
|
+
|
59
|
+
- [API reference](https://www.rubydoc.info/gems/cerbos/Cerbos)
|
60
|
+
- [Cerbos documentation](https://docs.cerbos.dev)
|
61
|
+
|
62
|
+
## Get help
|
63
|
+
|
64
|
+
- [Join the Cerbos community on Slack](http://go.cerbos.io/slack)
|
65
|
+
- [Email us at help@cerbos.dev](mailto:help@cerbos.dev)
|
data/lib/cerbos/client.rb
CHANGED
@@ -9,9 +9,10 @@ module Cerbos
|
|
9
9
|
class Client
|
10
10
|
# Create a client for interacting with the Cerbos PDP server over gRPC.
|
11
11
|
#
|
12
|
-
# @param target [String] Cerbos PDP server address (`"host"
|
12
|
+
# @param target [String] Cerbos PDP server address (`"host"`, `"host:port"`, or `"unix:/path/to/socket"`).
|
13
13
|
# @param tls [TLS, MutualTLS, false] gRPC connection encryption settings (`false` for plaintext).
|
14
14
|
# @param grpc_channel_args [Hash{String, Symbol => String, Integer}] low-level settings for the gRPC channel (see [available keys in the gRPC documentation](https://grpc.github.io/grpc/core/group__grpc__arg__keys.html)).
|
15
|
+
# @param on_validation_error [:return, :raise, #call] action to take when input fails schema validation (`:return` to return the validation errors in the response, `:raise` to raise {Error::ValidationFailed}, or a callback to invoke).
|
15
16
|
# @param playground_instance [String, nil] identifier of the playground instance to use when prototyping against the hosted demo PDP.
|
16
17
|
# @param timeout [Numeric, nil] timeout for gRPC calls, in seconds (`nil` to never time out).
|
17
18
|
#
|
@@ -23,7 +24,15 @@ module Cerbos
|
|
23
24
|
#
|
24
25
|
# @example Connect to the hosted demo PDP to experiment [in the playground](https://play.cerbos.dev)
|
25
26
|
# client = Cerbos::Client.new("demo-pdp.cerbos.cloud", tls: Cerbos::TLS.new, playground_instance: "gE623b0180QlsG5a4QIN6UOZ6f3iSFW2")
|
26
|
-
|
27
|
+
#
|
28
|
+
# @example Raise an error when input fails schema validation
|
29
|
+
# client = Cerbos::Client.new("localhost:3593", tls: false, on_validation_error: :raise)
|
30
|
+
#
|
31
|
+
# @example Invoke a callback when input fails schema validation
|
32
|
+
# client = Cerbos::Client.new("localhost:3593", tls: false, on_validation_error: ->(validation_errors) { do_something_with validation_errors })
|
33
|
+
def initialize(target, tls:, grpc_channel_args: {}, on_validation_error: :return, playground_instance: nil, timeout: nil)
|
34
|
+
@on_validation_error = on_validation_error
|
35
|
+
|
27
36
|
handle_errors do
|
28
37
|
credentials = tls ? tls.to_channel_credentials : :this_channel_is_insecure
|
29
38
|
|
@@ -53,6 +62,13 @@ module Cerbos
|
|
53
62
|
# @param request_id [String] identifier for tracing the request.
|
54
63
|
#
|
55
64
|
# @return [Boolean]
|
65
|
+
#
|
66
|
+
# @example
|
67
|
+
# client.allow?(
|
68
|
+
# principal: {id: "user@example.com", roles: ["USER"]},
|
69
|
+
# resource: {kind: "document", id: "1"},
|
70
|
+
# action: "view"
|
71
|
+
# ) # => true
|
56
72
|
def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
|
57
73
|
check_resource(
|
58
74
|
principal: principal,
|
@@ -119,7 +135,7 @@ module Cerbos
|
|
119
135
|
# ]
|
120
136
|
# )
|
121
137
|
#
|
122
|
-
#
|
138
|
+
# decision.allow?(resource: {kind: "document", id: "1"}, action: "view") # => true
|
123
139
|
def check_resources(principal:, resources:, aux_data: nil, include_metadata: false, request_id: SecureRandom.uuid)
|
124
140
|
handle_errors do
|
125
141
|
request = Protobuf::Cerbos::Request::V1::CheckResourcesRequest.new(
|
@@ -132,7 +148,9 @@ module Cerbos
|
|
132
148
|
|
133
149
|
response = perform_request(@cerbos_service, :check_resources, request)
|
134
150
|
|
135
|
-
Output::CheckResources.from_protobuf(response)
|
151
|
+
Output::CheckResources.from_protobuf(response).tap do |output|
|
152
|
+
handle_validation_errors output
|
153
|
+
end
|
136
154
|
end
|
137
155
|
end
|
138
156
|
|
@@ -169,7 +187,9 @@ module Cerbos
|
|
169
187
|
|
170
188
|
response = perform_request(@cerbos_service, :plan_resources, request)
|
171
189
|
|
172
|
-
Output::PlanResources.from_protobuf(response)
|
190
|
+
Output::PlanResources.from_protobuf(response).tap do |output|
|
191
|
+
handle_validation_errors output
|
192
|
+
end
|
173
193
|
end
|
174
194
|
end
|
175
195
|
|
@@ -200,6 +220,17 @@ module Cerbos
|
|
200
220
|
raise Error, error.message
|
201
221
|
end
|
202
222
|
|
223
|
+
def handle_validation_errors(output)
|
224
|
+
return if @on_validation_error == :return
|
225
|
+
|
226
|
+
validation_errors = output.validation_errors
|
227
|
+
return if validation_errors.empty?
|
228
|
+
|
229
|
+
raise Error::ValidationFailed.new(validation_errors) if @on_validation_error == :raise
|
230
|
+
|
231
|
+
@on_validation_error.call validation_errors
|
232
|
+
end
|
233
|
+
|
203
234
|
def perform_request(service, rpc, request)
|
204
235
|
service.public_send(rpc, request)
|
205
236
|
end
|
data/lib/cerbos/error.rb
CHANGED
@@ -3,6 +3,21 @@
|
|
3
3
|
module Cerbos
|
4
4
|
# Base type for errors thrown by the `cerbos` gem.
|
5
5
|
class Error < StandardError
|
6
|
+
# Input failed schema validation.
|
7
|
+
class ValidationFailed < Error
|
8
|
+
# The validation errors that occurred.
|
9
|
+
#
|
10
|
+
# @return [Array<Output::CheckResources::Result::ValidationError>]
|
11
|
+
attr_reader :validation_errors
|
12
|
+
|
13
|
+
# @private
|
14
|
+
def initialize(validation_errors)
|
15
|
+
super "Input failed schema validation"
|
16
|
+
|
17
|
+
@validation_errors = validation_errors
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
6
21
|
# An error indicating an unsuccessful gRPC operation.
|
7
22
|
class NotOK < Error
|
8
23
|
# The gRPC status code.
|
@@ -33,7 +48,7 @@ module Cerbos
|
|
33
48
|
|
34
49
|
# @private
|
35
50
|
def initialize(code:, details:, metadata: {})
|
36
|
-
super
|
51
|
+
super "gRPC error #{code}: #{details}"
|
37
52
|
|
38
53
|
@code = code
|
39
54
|
@details = details
|
@@ -22,7 +22,20 @@ module Cerbos
|
|
22
22
|
|
23
23
|
# @private
|
24
24
|
def to_protobuf
|
25
|
-
@attributes.transform_values { |value| Google::Protobuf::Value.from_ruby(value) }
|
25
|
+
@attributes.transform_values { |value| Google::Protobuf::Value.from_ruby(deep_stringify_keys(value)) }
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def deep_stringify_keys(object)
|
31
|
+
case object
|
32
|
+
when Hash
|
33
|
+
object.each_with_object({}) { |(key, value), result| result[key.to_s] = deep_stringify_keys(value) }
|
34
|
+
when Array
|
35
|
+
object.map { |value| deep_stringify_keys(value) }
|
36
|
+
else
|
37
|
+
object
|
38
|
+
end
|
26
39
|
end
|
27
40
|
end
|
28
41
|
end
|
@@ -43,7 +43,7 @@ module Cerbos
|
|
43
43
|
|
44
44
|
# @private
|
45
45
|
def to_protobuf
|
46
|
-
Protobuf::Cerbos::Engine::V1::
|
46
|
+
Protobuf::Cerbos::Engine::V1::PlanResourcesInput::Resource.new(
|
47
47
|
kind: kind,
|
48
48
|
attr: attributes.to_protobuf,
|
49
49
|
policy_version: policy_version,
|
@@ -55,6 +55,13 @@ module Cerbos
|
|
55
55
|
results.find { |result| matching_resource?(search, result.resource) }
|
56
56
|
end
|
57
57
|
|
58
|
+
# List unique schema validation errors for the principal or resource attributes.
|
59
|
+
#
|
60
|
+
# @return [Array<ValidationError>]
|
61
|
+
def validation_errors
|
62
|
+
results.flat_map(&:validation_errors).uniq
|
63
|
+
end
|
64
|
+
|
58
65
|
private
|
59
66
|
|
60
67
|
def matching_resource?(search, candidate)
|
@@ -88,11 +95,21 @@ module Cerbos
|
|
88
95
|
# @return [Metadata]
|
89
96
|
# @return [nil] if `include_metadata` was `false`.
|
90
97
|
|
98
|
+
# @private
|
99
|
+
def self.const_missing(const)
|
100
|
+
if const == :ValidationError
|
101
|
+
warn "#{name}::ValidationError is deprecated; use #{ValidationError.name} instead (called from #{caller(1..1).first})"
|
102
|
+
return ValidationError
|
103
|
+
end
|
104
|
+
|
105
|
+
super
|
106
|
+
end
|
107
|
+
|
91
108
|
def self.from_protobuf(entry)
|
92
109
|
new(
|
93
110
|
resource: CheckResources::Result::Resource.from_protobuf(entry.resource),
|
94
111
|
actions: entry.actions.to_h,
|
95
|
-
validation_errors: (entry.validation_errors || []).map { |validation_error|
|
112
|
+
validation_errors: (entry.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
|
96
113
|
metadata: CheckResources::Result::Metadata.from_protobuf(entry.meta)
|
97
114
|
)
|
98
115
|
end
|
@@ -154,46 +171,6 @@ module Cerbos
|
|
154
171
|
end
|
155
172
|
end
|
156
173
|
|
157
|
-
# An error that occurred while validating the principal or resource attributes against a schema.
|
158
|
-
CheckResources::Result::ValidationError = Output.new_class(:path, :message, :source) do
|
159
|
-
# @!attribute [r] path
|
160
|
-
# The path to the attribute that failed validation.
|
161
|
-
#
|
162
|
-
# @return [String]
|
163
|
-
|
164
|
-
# @!attribute [r] message
|
165
|
-
# The error message.
|
166
|
-
#
|
167
|
-
# @return [String]
|
168
|
-
|
169
|
-
# @!attribute [r] source
|
170
|
-
# The source of the invalid attributes.
|
171
|
-
#
|
172
|
-
# @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
|
173
|
-
|
174
|
-
def self.from_protobuf(validation_error)
|
175
|
-
new(
|
176
|
-
path: validation_error.path,
|
177
|
-
message: validation_error.message,
|
178
|
-
source: validation_error.source
|
179
|
-
)
|
180
|
-
end
|
181
|
-
|
182
|
-
# Check if the principal's attributes failed schema validation.
|
183
|
-
#
|
184
|
-
# @return [Boolean]
|
185
|
-
def from_principal?
|
186
|
-
source == :SOURCE_PRINCIPAL
|
187
|
-
end
|
188
|
-
|
189
|
-
# Check if the resource's attributes failed schema validation.
|
190
|
-
#
|
191
|
-
# @return [Boolean]
|
192
|
-
def from_resource?
|
193
|
-
source == :SOURCE_RESOURCE
|
194
|
-
end
|
195
|
-
end
|
196
|
-
|
197
174
|
# Additional information about how policy decisions were reached.
|
198
175
|
CheckResources::Result::Metadata = Output.new_class(:actions, :effective_derived_roles) do
|
199
176
|
# @!attribute [r] actions
|
@@ -5,7 +5,7 @@ module Cerbos
|
|
5
5
|
# A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action.
|
6
6
|
#
|
7
7
|
# @see Client#plan_resources
|
8
|
-
PlanResources = Output.new_class(:request_id, :kind, :condition, :metadata) do
|
8
|
+
PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
|
9
9
|
# @!attribute [r] request_id
|
10
10
|
# The identifier for tracing the request.
|
11
11
|
#
|
@@ -26,6 +26,11 @@ module Cerbos
|
|
26
26
|
# @see #always_denied?
|
27
27
|
# @see #conditional?
|
28
28
|
|
29
|
+
# @!attribute [r] validation_errors
|
30
|
+
# Any schema validation errors for the principal or resource attributes.
|
31
|
+
#
|
32
|
+
# @return [Array<ValidationError>]
|
33
|
+
|
29
34
|
# @!attribute [r] metadata
|
30
35
|
# Additional information about the query plan.
|
31
36
|
#
|
@@ -37,6 +42,7 @@ module Cerbos
|
|
37
42
|
request_id: plan_resources.request_id,
|
38
43
|
kind: plan_resources.filter.kind,
|
39
44
|
condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
|
45
|
+
validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
|
40
46
|
metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
|
41
47
|
)
|
42
48
|
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Cerbos
|
4
|
+
module Output
|
5
|
+
# An error that occurred while validating the principal or resource attributes against a schema.
|
6
|
+
ValidationError = Output.new_class(:path, :message, :source) do
|
7
|
+
# @!attribute [r] path
|
8
|
+
# The path to the attribute that failed validation.
|
9
|
+
#
|
10
|
+
# @return [String]
|
11
|
+
|
12
|
+
# @!attribute [r] message
|
13
|
+
# The error message.
|
14
|
+
#
|
15
|
+
# @return [String]
|
16
|
+
|
17
|
+
# @!attribute [r] source
|
18
|
+
# The source of the invalid attributes.
|
19
|
+
#
|
20
|
+
# @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
|
21
|
+
|
22
|
+
def self.from_protobuf(validation_error)
|
23
|
+
new(
|
24
|
+
path: validation_error.path,
|
25
|
+
message: validation_error.message,
|
26
|
+
source: validation_error.source
|
27
|
+
)
|
28
|
+
end
|
29
|
+
|
30
|
+
# Check if the principal's attributes failed schema validation.
|
31
|
+
#
|
32
|
+
# @return [Boolean]
|
33
|
+
def from_principal?
|
34
|
+
source == :SOURCE_PRINCIPAL
|
35
|
+
end
|
36
|
+
|
37
|
+
# Check if the resource's attributes failed schema validation.
|
38
|
+
#
|
39
|
+
# @return [Boolean]
|
40
|
+
def from_resource?
|
41
|
+
source == :SOURCE_RESOURCE
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
data/lib/cerbos/output.rb
CHANGED
@@ -23,6 +23,20 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
23
23
|
repeated :inputs, :message, 4, "cerbos.engine.v1.CheckInput", json_name: "inputs"
|
24
24
|
repeated :outputs, :message, 5, "cerbos.engine.v1.CheckOutput", json_name: "outputs"
|
25
25
|
optional :error, :string, 6, json_name: "error"
|
26
|
+
oneof :method do
|
27
|
+
optional :check_resources, :message, 7, "cerbos.audit.v1.DecisionLogEntry.CheckResources", json_name: "checkResources"
|
28
|
+
optional :plan_resources, :message, 8, "cerbos.audit.v1.DecisionLogEntry.PlanResources", json_name: "planResources"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
add_message "cerbos.audit.v1.DecisionLogEntry.CheckResources" do
|
32
|
+
repeated :inputs, :message, 1, "cerbos.engine.v1.CheckInput", json_name: "inputs"
|
33
|
+
repeated :outputs, :message, 2, "cerbos.engine.v1.CheckOutput", json_name: "outputs"
|
34
|
+
optional :error, :string, 3, json_name: "error"
|
35
|
+
end
|
36
|
+
add_message "cerbos.audit.v1.DecisionLogEntry.PlanResources" do
|
37
|
+
optional :input, :message, 1, "cerbos.engine.v1.PlanResourcesInput", json_name: "input"
|
38
|
+
optional :output, :message, 2, "cerbos.engine.v1.PlanResourcesOutput", json_name: "output"
|
39
|
+
optional :error, :string, 3, json_name: "error"
|
26
40
|
end
|
27
41
|
add_message "cerbos.audit.v1.MetaValues" do
|
28
42
|
repeated :values, :string, 1, json_name: "values"
|
@@ -41,6 +55,8 @@ module Cerbos::Protobuf::Cerbos
|
|
41
55
|
module V1
|
42
56
|
AccessLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.AccessLogEntry").msgclass
|
43
57
|
DecisionLogEntry = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry").msgclass
|
58
|
+
DecisionLogEntry::CheckResources = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry.CheckResources").msgclass
|
59
|
+
DecisionLogEntry::PlanResources = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.DecisionLogEntry.PlanResources").msgclass
|
44
60
|
MetaValues = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.MetaValues").msgclass
|
45
61
|
Peer = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.audit.v1.Peer").msgclass
|
46
62
|
end
|
@@ -13,20 +13,70 @@ require 'cerbos/protobuf/validate/validate_pb'
|
|
13
13
|
|
14
14
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
15
15
|
add_file("cerbos/engine/v1/engine.proto", :syntax => :proto3) do
|
16
|
-
add_message "cerbos.engine.v1.
|
16
|
+
add_message "cerbos.engine.v1.PlanResourcesInput" do
|
17
17
|
optional :request_id, :string, 1, json_name: "requestId"
|
18
18
|
optional :action, :string, 2, json_name: "action"
|
19
19
|
optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
|
20
|
-
optional :resource, :message, 4, "cerbos.engine.v1.
|
20
|
+
optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesInput.Resource", json_name: "resource"
|
21
21
|
optional :aux_data, :message, 5, "cerbos.engine.v1.AuxData", json_name: "auxData"
|
22
22
|
optional :include_meta, :bool, 6, json_name: "includeMeta"
|
23
23
|
end
|
24
|
-
add_message "cerbos.engine.v1.
|
24
|
+
add_message "cerbos.engine.v1.PlanResourcesInput.Resource" do
|
25
25
|
optional :kind, :string, 1, json_name: "kind"
|
26
26
|
map :attr, :string, :message, 2, "google.protobuf.Value"
|
27
27
|
optional :policy_version, :string, 3, json_name: "policyVersion"
|
28
28
|
optional :scope, :string, 4, json_name: "scope"
|
29
29
|
end
|
30
|
+
add_message "cerbos.engine.v1.PlanResourcesAst" do
|
31
|
+
optional :filter_ast, :message, 1, "cerbos.engine.v1.PlanResourcesAst.Node", json_name: "filterAst"
|
32
|
+
end
|
33
|
+
add_message "cerbos.engine.v1.PlanResourcesAst.Node" do
|
34
|
+
oneof :node do
|
35
|
+
optional :logical_operation, :message, 1, "cerbos.engine.v1.PlanResourcesAst.LogicalOperation", json_name: "logicalOperation"
|
36
|
+
optional :expression, :message, 2, "google.api.expr.v1alpha1.CheckedExpr", json_name: "expression"
|
37
|
+
end
|
38
|
+
end
|
39
|
+
add_message "cerbos.engine.v1.PlanResourcesAst.LogicalOperation" do
|
40
|
+
optional :operator, :enum, 1, "cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator", json_name: "operator"
|
41
|
+
repeated :nodes, :message, 2, "cerbos.engine.v1.PlanResourcesAst.Node", json_name: "nodes"
|
42
|
+
end
|
43
|
+
add_enum "cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator" do
|
44
|
+
value :OPERATOR_UNSPECIFIED, 0
|
45
|
+
value :OPERATOR_AND, 1
|
46
|
+
value :OPERATOR_OR, 2
|
47
|
+
value :OPERATOR_NOT, 3
|
48
|
+
end
|
49
|
+
add_message "cerbos.engine.v1.PlanResourcesFilter" do
|
50
|
+
optional :kind, :enum, 1, "cerbos.engine.v1.PlanResourcesFilter.Kind", json_name: "kind"
|
51
|
+
optional :condition, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand", json_name: "condition"
|
52
|
+
end
|
53
|
+
add_message "cerbos.engine.v1.PlanResourcesFilter.Expression" do
|
54
|
+
optional :operator, :string, 1, json_name: "operator"
|
55
|
+
repeated :operands, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand", json_name: "operands"
|
56
|
+
end
|
57
|
+
add_message "cerbos.engine.v1.PlanResourcesFilter.Expression.Operand" do
|
58
|
+
oneof :node do
|
59
|
+
optional :value, :message, 1, "google.protobuf.Value", json_name: "value"
|
60
|
+
optional :expression, :message, 2, "cerbos.engine.v1.PlanResourcesFilter.Expression", json_name: "expression"
|
61
|
+
optional :variable, :string, 3, json_name: "variable"
|
62
|
+
end
|
63
|
+
end
|
64
|
+
add_enum "cerbos.engine.v1.PlanResourcesFilter.Kind" do
|
65
|
+
value :KIND_UNSPECIFIED, 0
|
66
|
+
value :KIND_ALWAYS_ALLOWED, 1
|
67
|
+
value :KIND_ALWAYS_DENIED, 2
|
68
|
+
value :KIND_CONDITIONAL, 3
|
69
|
+
end
|
70
|
+
add_message "cerbos.engine.v1.PlanResourcesOutput" do
|
71
|
+
optional :request_id, :string, 1, json_name: "requestId"
|
72
|
+
optional :action, :string, 2, json_name: "action"
|
73
|
+
optional :kind, :string, 3, json_name: "kind"
|
74
|
+
optional :policy_version, :string, 4, json_name: "policyVersion"
|
75
|
+
optional :scope, :string, 5, json_name: "scope"
|
76
|
+
optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
|
77
|
+
optional :filter_debug, :string, 7, json_name: "filterDebug"
|
78
|
+
repeated :validation_errors, :message, 8, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
|
79
|
+
end
|
30
80
|
add_message "cerbos.engine.v1.CheckInput" do
|
31
81
|
optional :request_id, :string, 1, json_name: "requestId"
|
32
82
|
optional :resource, :message, 2, "cerbos.engine.v1.Resource", json_name: "resource"
|
@@ -46,30 +96,6 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
46
96
|
optional :policy, :string, 2, json_name: "policy"
|
47
97
|
optional :scope, :string, 3, json_name: "scope"
|
48
98
|
end
|
49
|
-
add_message "cerbos.engine.v1.PlanResourcesOutput" do
|
50
|
-
optional :request_id, :string, 1, json_name: "requestId"
|
51
|
-
optional :action, :string, 2, json_name: "action"
|
52
|
-
optional :kind, :string, 3, json_name: "kind"
|
53
|
-
optional :policy_version, :string, 4, json_name: "policyVersion"
|
54
|
-
optional :scope, :string, 5, json_name: "scope"
|
55
|
-
optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "filter"
|
56
|
-
end
|
57
|
-
add_message "cerbos.engine.v1.PlanResourcesOutput.Node" do
|
58
|
-
oneof :node do
|
59
|
-
optional :logical_operation, :message, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation", json_name: "logicalOperation"
|
60
|
-
optional :expression, :message, 2, "google.api.expr.v1alpha1.CheckedExpr", json_name: "expression"
|
61
|
-
end
|
62
|
-
end
|
63
|
-
add_message "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation" do
|
64
|
-
optional :operator, :enum, 1, "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator", json_name: "operator"
|
65
|
-
repeated :nodes, :message, 2, "cerbos.engine.v1.PlanResourcesOutput.Node", json_name: "nodes"
|
66
|
-
end
|
67
|
-
add_enum "cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator" do
|
68
|
-
value :OPERATOR_UNSPECIFIED, 0
|
69
|
-
value :OPERATOR_AND, 1
|
70
|
-
value :OPERATOR_OR, 2
|
71
|
-
value :OPERATOR_NOT, 3
|
72
|
-
end
|
73
99
|
add_message "cerbos.engine.v1.Resource" do
|
74
100
|
optional :kind, :string, 1, json_name: "kind"
|
75
101
|
optional :policy_version, :string, 2, json_name: "policyVersion"
|
@@ -143,15 +169,20 @@ end
|
|
143
169
|
module Cerbos::Protobuf::Cerbos
|
144
170
|
module Engine
|
145
171
|
module V1
|
146
|
-
|
147
|
-
|
172
|
+
PlanResourcesInput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesInput").msgclass
|
173
|
+
PlanResourcesInput::Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesInput.Resource").msgclass
|
174
|
+
PlanResourcesAst = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst").msgclass
|
175
|
+
PlanResourcesAst::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.Node").msgclass
|
176
|
+
PlanResourcesAst::LogicalOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.LogicalOperation").msgclass
|
177
|
+
PlanResourcesAst::LogicalOperation::Operator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesAst.LogicalOperation.Operator").enummodule
|
178
|
+
PlanResourcesFilter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter").msgclass
|
179
|
+
PlanResourcesFilter::Expression = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Expression").msgclass
|
180
|
+
PlanResourcesFilter::Expression::Operand = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Expression.Operand").msgclass
|
181
|
+
PlanResourcesFilter::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesFilter.Kind").enummodule
|
182
|
+
PlanResourcesOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput").msgclass
|
148
183
|
CheckInput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckInput").msgclass
|
149
184
|
CheckOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput").msgclass
|
150
185
|
CheckOutput::ActionEffect = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.CheckOutput.ActionEffect").msgclass
|
151
|
-
PlanResourcesOutput = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput").msgclass
|
152
|
-
PlanResourcesOutput::Node = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.Node").msgclass
|
153
|
-
PlanResourcesOutput::LogicalOperation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation").msgclass
|
154
|
-
PlanResourcesOutput::LogicalOperation::Operator = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.PlanResourcesOutput.LogicalOperation.Operator").enummodule
|
155
186
|
Resource = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Resource").msgclass
|
156
187
|
Principal = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.Principal").msgclass
|
157
188
|
AuxData = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.engine.v1.AuxData").msgclass
|
@@ -19,7 +19,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
19
19
|
optional :request_id, :string, 1, json_name: "requestId"
|
20
20
|
optional :action, :string, 2, json_name: "action"
|
21
21
|
optional :principal, :message, 3, "cerbos.engine.v1.Principal", json_name: "principal"
|
22
|
-
optional :resource, :message, 4, "cerbos.engine.v1.
|
22
|
+
optional :resource, :message, 4, "cerbos.engine.v1.PlanResourcesInput.Resource", json_name: "resource"
|
23
23
|
optional :aux_data, :message, 5, "cerbos.request.v1.AuxData", json_name: "auxData"
|
24
24
|
optional :include_meta, :bool, 6, json_name: "includeMeta"
|
25
25
|
end
|
@@ -5,10 +5,10 @@ require 'google/protobuf'
|
|
5
5
|
|
6
6
|
require 'cerbos/protobuf/cerbos/audit/v1/audit_pb'
|
7
7
|
require 'cerbos/protobuf/cerbos/effect/v1/effect_pb'
|
8
|
+
require 'cerbos/protobuf/cerbos/engine/v1/engine_pb'
|
8
9
|
require 'cerbos/protobuf/cerbos/policy/v1/policy_pb'
|
9
10
|
require 'cerbos/protobuf/cerbos/schema/v1/schema_pb'
|
10
11
|
require 'google/protobuf/empty_pb'
|
11
|
-
require 'google/protobuf/struct_pb'
|
12
12
|
require 'cerbos/protobuf/protoc-gen-openapiv2/options/annotations_pb'
|
13
13
|
|
14
14
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
@@ -18,29 +18,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
|
|
18
18
|
optional :action, :string, 2, json_name: "action"
|
19
19
|
optional :resource_kind, :string, 3, json_name: "resourceKind"
|
20
20
|
optional :policy_version, :string, 4, json_name: "policyVersion"
|
21
|
-
optional :filter, :message, 5, "cerbos.
|
21
|
+
optional :filter, :message, 5, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
|
22
22
|
optional :meta, :message, 6, "cerbos.response.v1.PlanResourcesResponse.Meta", json_name: "meta"
|
23
|
-
|
24
|
-
add_message "cerbos.response.v1.PlanResourcesResponse.Expression" do
|
25
|
-
optional :operator, :string, 1, json_name: "operator"
|
26
|
-
repeated :operands, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression.Operand", json_name: "operands"
|
27
|
-
end
|
28
|
-
add_message "cerbos.response.v1.PlanResourcesResponse.Expression.Operand" do
|
29
|
-
oneof :node do
|
30
|
-
optional :value, :message, 1, "google.protobuf.Value", json_name: "value"
|
31
|
-
optional :expression, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression", json_name: "expression"
|
32
|
-
optional :variable, :string, 3, json_name: "variable"
|
33
|
-
end
|
34
|
-
end
|
35
|
-
add_message "cerbos.response.v1.PlanResourcesResponse.Filter" do
|
36
|
-
optional :kind, :enum, 1, "cerbos.response.v1.PlanResourcesResponse.Filter.Kind", json_name: "kind"
|
37
|
-
optional :condition, :message, 2, "cerbos.response.v1.PlanResourcesResponse.Expression.Operand", json_name: "condition"
|
38
|
-
end
|
39
|
-
add_enum "cerbos.response.v1.PlanResourcesResponse.Filter.Kind" do
|
40
|
-
value :KIND_UNSPECIFIED, 0
|
41
|
-
value :KIND_ALWAYS_ALLOWED, 1
|
42
|
-
value :KIND_ALWAYS_DENIED, 2
|
43
|
-
value :KIND_CONDITIONAL, 3
|
23
|
+
repeated :validation_errors, :message, 7, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
|
44
24
|
end
|
45
25
|
add_message "cerbos.response.v1.PlanResourcesResponse.Meta" do
|
46
26
|
optional :filter_debug, :string, 1, json_name: "filterDebug"
|
@@ -189,10 +169,6 @@ module Cerbos::Protobuf::Cerbos
|
|
189
169
|
module Response
|
190
170
|
module V1
|
191
171
|
PlanResourcesResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse").msgclass
|
192
|
-
PlanResourcesResponse::Expression = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Expression").msgclass
|
193
|
-
PlanResourcesResponse::Expression::Operand = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Expression.Operand").msgclass
|
194
|
-
PlanResourcesResponse::Filter = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Filter").msgclass
|
195
|
-
PlanResourcesResponse::Filter::Kind = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Filter.Kind").enummodule
|
196
172
|
PlanResourcesResponse::Meta = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.PlanResourcesResponse.Meta").msgclass
|
197
173
|
CheckResourceSetResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.CheckResourceSetResponse").msgclass
|
198
174
|
CheckResourceSetResponse::ActionEffectMap = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.response.v1.CheckResourceSetResponse.ActionEffectMap").msgclass
|
@@ -7,93 +7,117 @@ require 'google/protobuf/duration_pb'
|
|
7
7
|
|
8
8
|
Google::Protobuf::DescriptorPool.generated_pool.build do
|
9
9
|
add_file("cerbos/telemetry/v1/telemetry.proto", :syntax => :proto3) do
|
10
|
-
add_message "cerbos.telemetry.v1.
|
10
|
+
add_message "cerbos.telemetry.v1.ServerLaunch" do
|
11
11
|
optional :version, :string, 1, json_name: "version"
|
12
|
-
optional :source, :message, 2, "cerbos.telemetry.v1.
|
13
|
-
optional :features, :message, 3, "cerbos.telemetry.v1.
|
14
|
-
optional :stats, :message, 4, "cerbos.telemetry.v1.
|
12
|
+
optional :source, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Source", json_name: "source"
|
13
|
+
optional :features, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features", json_name: "features"
|
14
|
+
optional :stats, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Stats", json_name: "stats"
|
15
15
|
end
|
16
|
-
add_message "cerbos.telemetry.v1.
|
16
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Cerbos" do
|
17
17
|
optional :version, :string, 1, json_name: "version"
|
18
18
|
optional :commit, :string, 2, json_name: "commit"
|
19
19
|
optional :build_date, :string, 3, json_name: "buildDate"
|
20
20
|
optional :module_version, :string, 4, json_name: "moduleVersion"
|
21
21
|
optional :module_checksum, :string, 5, json_name: "moduleChecksum"
|
22
22
|
end
|
23
|
-
add_message "cerbos.telemetry.v1.
|
24
|
-
optional :cerbos, :message, 1, "cerbos.telemetry.v1.
|
23
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Source" do
|
24
|
+
optional :cerbos, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Cerbos", json_name: "cerbos"
|
25
25
|
optional :os, :string, 2, json_name: "os"
|
26
26
|
optional :arch, :string, 3, json_name: "arch"
|
27
27
|
optional :num_cpus, :uint32, 4, json_name: "numCpus"
|
28
28
|
end
|
29
|
-
add_message "cerbos.telemetry.v1.
|
30
|
-
optional :audit, :message, 1, "cerbos.telemetry.v1.
|
31
|
-
optional :schema, :message, 2, "cerbos.telemetry.v1.
|
32
|
-
optional :admin_api, :message, 3, "cerbos.telemetry.v1.
|
33
|
-
optional :storage, :message, 4, "cerbos.telemetry.v1.
|
29
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features" do
|
30
|
+
optional :audit, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Features.Audit", json_name: "audit"
|
31
|
+
optional :schema, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Features.Schema", json_name: "schema"
|
32
|
+
optional :admin_api, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features.AdminApi", json_name: "adminApi"
|
33
|
+
optional :storage, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Features.Storage", json_name: "storage"
|
34
34
|
end
|
35
|
-
add_message "cerbos.telemetry.v1.
|
35
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Audit" do
|
36
36
|
optional :enabled, :bool, 1, json_name: "enabled"
|
37
37
|
optional :backend, :string, 2, json_name: "backend"
|
38
38
|
end
|
39
|
-
add_message "cerbos.telemetry.v1.
|
39
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Schema" do
|
40
40
|
optional :enforcement, :string, 1, json_name: "enforcement"
|
41
41
|
end
|
42
|
-
add_message "cerbos.telemetry.v1.
|
42
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.AdminApi" do
|
43
43
|
optional :enabled, :bool, 1, json_name: "enabled"
|
44
44
|
end
|
45
|
-
add_message "cerbos.telemetry.v1.
|
45
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage" do
|
46
46
|
optional :driver, :string, 1, json_name: "driver"
|
47
47
|
oneof :store do
|
48
|
-
optional :disk, :message, 2, "cerbos.telemetry.v1.
|
49
|
-
optional :git, :message, 3, "cerbos.telemetry.v1.
|
50
|
-
optional :blob, :message, 4, "cerbos.telemetry.v1.
|
48
|
+
optional :disk, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk", json_name: "disk"
|
49
|
+
optional :git, :message, 3, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git", json_name: "git"
|
50
|
+
optional :blob, :message, 4, "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob", json_name: "blob"
|
51
51
|
end
|
52
52
|
end
|
53
|
-
add_message "cerbos.telemetry.v1.
|
53
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk" do
|
54
54
|
optional :watch, :bool, 1, json_name: "watch"
|
55
55
|
end
|
56
|
-
add_message "cerbos.telemetry.v1.
|
56
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git" do
|
57
57
|
optional :protocol, :string, 1, json_name: "protocol"
|
58
58
|
optional :auth, :bool, 2, json_name: "auth"
|
59
59
|
optional :poll_interval, :message, 3, "google.protobuf.Duration", json_name: "pollInterval"
|
60
60
|
end
|
61
|
-
add_message "cerbos.telemetry.v1.
|
61
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob" do
|
62
62
|
optional :provider, :string, 1, json_name: "provider"
|
63
63
|
optional :poll_interval, :message, 2, "google.protobuf.Duration", json_name: "pollInterval"
|
64
64
|
end
|
65
|
-
add_message "cerbos.telemetry.v1.
|
66
|
-
optional :policy, :message, 1, "cerbos.telemetry.v1.
|
67
|
-
optional :schema, :message, 2, "cerbos.telemetry.v1.
|
65
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Stats" do
|
66
|
+
optional :policy, :message, 1, "cerbos.telemetry.v1.ServerLaunch.Stats.Policy", json_name: "policy"
|
67
|
+
optional :schema, :message, 2, "cerbos.telemetry.v1.ServerLaunch.Stats.Schema", json_name: "schema"
|
68
68
|
end
|
69
|
-
add_message "cerbos.telemetry.v1.
|
69
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Stats.Policy" do
|
70
70
|
map :count, :string, :uint32, 1
|
71
71
|
map :avg_rule_count, :string, :double, 2
|
72
72
|
map :avg_condition_count, :string, :double, 3
|
73
73
|
end
|
74
|
-
add_message "cerbos.telemetry.v1.
|
74
|
+
add_message "cerbos.telemetry.v1.ServerLaunch.Stats.Schema" do
|
75
75
|
optional :count, :uint32, 1, json_name: "count"
|
76
76
|
end
|
77
|
+
add_message "cerbos.telemetry.v1.ServerStop" do
|
78
|
+
optional :version, :string, 1, json_name: "version"
|
79
|
+
optional :uptime, :message, 2, "google.protobuf.Duration", json_name: "uptime"
|
80
|
+
optional :requests_total, :uint64, 3, json_name: "requestsTotal"
|
81
|
+
end
|
82
|
+
add_message "cerbos.telemetry.v1.Event" do
|
83
|
+
oneof :data do
|
84
|
+
optional :api_activity, :message, 1, "cerbos.telemetry.v1.Event.ApiActivity", json_name: "apiActivity"
|
85
|
+
end
|
86
|
+
end
|
87
|
+
add_message "cerbos.telemetry.v1.Event.CountStat" do
|
88
|
+
optional :key, :string, 1, json_name: "key"
|
89
|
+
optional :count, :uint64, 2, json_name: "count"
|
90
|
+
end
|
91
|
+
add_message "cerbos.telemetry.v1.Event.ApiActivity" do
|
92
|
+
optional :version, :string, 1, json_name: "version"
|
93
|
+
optional :uptime, :message, 2, "google.protobuf.Duration", json_name: "uptime"
|
94
|
+
repeated :method_calls, :message, 3, "cerbos.telemetry.v1.Event.CountStat", json_name: "methodCalls"
|
95
|
+
repeated :user_agents, :message, 4, "cerbos.telemetry.v1.Event.CountStat", json_name: "userAgents"
|
96
|
+
end
|
77
97
|
end
|
78
98
|
end
|
79
99
|
|
80
100
|
module Cerbos::Protobuf::Cerbos
|
81
101
|
module Telemetry
|
82
102
|
module V1
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
103
|
+
ServerLaunch = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch").msgclass
|
104
|
+
ServerLaunch::Cerbos = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Cerbos").msgclass
|
105
|
+
ServerLaunch::Source = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Source").msgclass
|
106
|
+
ServerLaunch::Features = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features").msgclass
|
107
|
+
ServerLaunch::Features::Audit = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Audit").msgclass
|
108
|
+
ServerLaunch::Features::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Schema").msgclass
|
109
|
+
ServerLaunch::Features::AdminApi = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.AdminApi").msgclass
|
110
|
+
ServerLaunch::Features::Storage = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage").msgclass
|
111
|
+
ServerLaunch::Features::Storage::Disk = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Disk").msgclass
|
112
|
+
ServerLaunch::Features::Storage::Git = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Git").msgclass
|
113
|
+
ServerLaunch::Features::Storage::Blob = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Features.Storage.Blob").msgclass
|
114
|
+
ServerLaunch::Stats = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats").msgclass
|
115
|
+
ServerLaunch::Stats::Policy = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats.Policy").msgclass
|
116
|
+
ServerLaunch::Stats::Schema = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerLaunch.Stats.Schema").msgclass
|
117
|
+
ServerStop = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.ServerStop").msgclass
|
118
|
+
Event = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event").msgclass
|
119
|
+
Event::CountStat = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event.CountStat").msgclass
|
120
|
+
Event::ApiActivity = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("cerbos.telemetry.v1.Event.ApiActivity").msgclass
|
97
121
|
end
|
98
122
|
end
|
99
123
|
end
|
data/lib/cerbos/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cerbos
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Cerbos
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-07-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: grpc
|
@@ -53,6 +53,7 @@ files:
|
|
53
53
|
- lib/cerbos/output/check_resources.rb
|
54
54
|
- lib/cerbos/output/plan_resources.rb
|
55
55
|
- lib/cerbos/output/server_info.rb
|
56
|
+
- lib/cerbos/output/validation_error.rb
|
56
57
|
- lib/cerbos/protobuf.rb
|
57
58
|
- lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb
|
58
59
|
- lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb
|
@@ -81,7 +82,7 @@ licenses:
|
|
81
82
|
metadata:
|
82
83
|
bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
|
83
84
|
changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
|
84
|
-
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.
|
85
|
+
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.6.0
|
85
86
|
homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
86
87
|
source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
87
88
|
rubygems_mfa_required: 'true'
|
@@ -100,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
100
101
|
- !ruby/object:Gem::Version
|
101
102
|
version: '0'
|
102
103
|
requirements: []
|
103
|
-
rubygems_version: 3.3.
|
104
|
+
rubygems_version: 3.3.17
|
104
105
|
signing_key:
|
105
106
|
specification_version: 4
|
106
107
|
summary: Client library for authorization via Cerbos
|