cerbos 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1c86d3d658d13d5226bad856d440ce3a511e260fb7c7a1d0df57ab6c1368584
-  data.tar.gz: b776cb441ca8011e80c43fa2647aa36e7640873290086c3b04cd6233b0192f4c
+  metadata.gz: e21f0359fb0e125e0e3a6d4ecf9ac0c12e254ab464b4ad67e8d6213fd2974ed5
+  data.tar.gz: a959dfdc08af3b960b58cd78c953925fba3b88b5db915bb30f94d3f32b810cb9
 SHA512:
-  metadata.gz: b13e093563c7ad60ac1b524dffee33b22fb1d553b433d0927063ff61b4ba10b2aa3516ac309f03384848b40913776605ea7b922fce906d2c6dbe43f8c175dd19
-  data.tar.gz: '039c5611d71e663451ecb192efaa91fe63a09f81de902b21ec67dee270374170e0fd08db61eee9b3b43283bca8299cd362bccb16a010670e77f9017ecf0a5932'
+  metadata.gz: 7e89b9ec5168b7215d9b9c1ad86ed8a34404f3cd3db2b6bf44889b319fc3ab5520d2ea5eb74f22e99d955e544cfb43ca925dc597763c8ae782a645ee5b086c4b
+  data.tar.gz: e7ddf0d6071cd1ac4f607617b95e0987d11d72d34feeda6742d034f2ff212ca01dd0ef57abb94e2d54e578cd5bd5929e0ff2dab3844835cad557b9b9b062b10e

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 ## [Unreleased]
 No notable changes.
 
+## [0.6.0] - 2022-07-01
+### Added
+- Support for schema validation in `Cerbos::Client#plan_resources` ([#32](https://github.com/cerbos/cerbos-sdk-ruby/pull/32))
+
+  Requires Cerbos 0.19+.
+  `Cerbos::Output::PlanResources#validation_errors` will always return an empty array if the client is connected to an earlier version of Cerbos.
+
+  As a result, `Cerbos::Output::CheckResources::Result::ValidationError` has moved to `Cerbos::Output::ValidationError`.
+  Attempting to access the class via the old namespace will print a deprecation warning and return the new class.
+
 ## [0.5.0] - 2022-06-09
 ### Added
 - Allow symbol keys in nested attributes hashes ([#28](https://github.com/cerbos/cerbos-sdk-ruby/pull/28))
@@ -26,7 +36,8 @@ No notable changes.
 ### Added
 - Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
 
-[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...HEAD
+[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.0...HEAD
+[0.6.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...v0.6.0
 [0.5.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.4.0...v0.5.0
 [0.4.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0

data/lib/cerbos/client.rb

@@ -187,7 +187,9 @@ module Cerbos
 
         response = perform_request(@cerbos_service, :plan_resources, request)
 
-        Output::PlanResources.from_protobuf(response)
+        Output::PlanResources.from_protobuf(response).tap do |output|
+          handle_validation_errors output
+        end
       end
     end
 
@@ -221,7 +223,7 @@ module Cerbos
     def handle_validation_errors(output)
       return if @on_validation_error == :return
 
-      validation_errors = output.results.flat_map(&:validation_errors)
+      validation_errors = output.validation_errors
       return if validation_errors.empty?
 
       raise Error::ValidationFailed.new(validation_errors) if @on_validation_error == :raise

data/lib/cerbos/output/check_resources.rb

@@ -55,6 +55,13 @@ module Cerbos
         results.find { |result| matching_resource?(search, result.resource) }
       end
 
+      # List unique schema validation errors for the principal or resource attributes.
+      #
+      # @return [Array<ValidationError>]
+      def validation_errors
+        results.flat_map(&:validation_errors).uniq
+      end
+
       private
 
       def matching_resource?(search, candidate)
@@ -88,11 +95,21 @@ module Cerbos
       #   @return [Metadata]
       #   @return [nil] if `include_metadata` was `false`.
 
+      # @private
+      def self.const_missing(const)
+        if const == :ValidationError
+          warn "#{name}::ValidationError is deprecated; use #{ValidationError.name} instead (called from #{caller(1..1).first})"
+          return ValidationError
+        end
+
+        super
+      end
+
       def self.from_protobuf(entry)
         new(
           resource: CheckResources::Result::Resource.from_protobuf(entry.resource),
           actions: entry.actions.to_h,
-          validation_errors: (entry.validation_errors || []).map { |validation_error| CheckResources::Result::ValidationError.from_protobuf(validation_error) },
+          validation_errors: (entry.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
           metadata: CheckResources::Result::Metadata.from_protobuf(entry.meta)
         )
       end
@@ -154,46 +171,6 @@ module Cerbos
       end
     end
 
-    # An error that occurred while validating the principal or resource attributes against a schema.
-    CheckResources::Result::ValidationError = Output.new_class(:path, :message, :source) do
-      # @!attribute [r] path
-      #   The path to the attribute that failed validation.
-      #
-      #   @return [String]
-
-      # @!attribute [r] message
-      #   The error message.
-      #
-      #   @return [String]
-
-      # @!attribute [r] source
-      #   The source of the invalid attributes.
-      #
-      #   @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
-
-      def self.from_protobuf(validation_error)
-        new(
-          path: validation_error.path,
-          message: validation_error.message,
-          source: validation_error.source
-        )
-      end
-
-      # Check if the principal's attributes failed schema validation.
-      #
-      # @return [Boolean]
-      def from_principal?
-        source == :SOURCE_PRINCIPAL
-      end
-
-      # Check if the resource's attributes failed schema validation.
-      #
-      # @return [Boolean]
-      def from_resource?
-        source == :SOURCE_RESOURCE
-      end
-    end
-
     # Additional information about how policy decisions were reached.
     CheckResources::Result::Metadata = Output.new_class(:actions, :effective_derived_roles) do
       # @!attribute [r] actions

data/lib/cerbos/output/plan_resources.rb

@@ -5,7 +5,7 @@ module Cerbos
     # A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action.
     #
     # @see Client#plan_resources
-    PlanResources = Output.new_class(:request_id, :kind, :condition, :metadata) do
+    PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
       # @!attribute [r] request_id
       #   The identifier for tracing the request.
       #
@@ -26,6 +26,11 @@ module Cerbos
       #   @see #always_denied?
       #   @see #conditional?
 
+      # @!attribute [r] validation_errors
+      #   Any schema validation errors for the principal or resource attributes.
+      #
+      #   @return [Array<ValidationError>]
+
       # @!attribute [r] metadata
       #   Additional information about the query plan.
       #
@@ -37,6 +42,7 @@ module Cerbos
           request_id: plan_resources.request_id,
           kind: plan_resources.filter.kind,
           condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
+          validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
           metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
         )
       end

data/lib/cerbos/output/validation_error.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Cerbos
+  module Output
+    # An error that occurred while validating the principal or resource attributes against a schema.
+    ValidationError = Output.new_class(:path, :message, :source) do
+      # @!attribute [r] path
+      #   The path to the attribute that failed validation.
+      #
+      #   @return [String]
+
+      # @!attribute [r] message
+      #   The error message.
+      #
+      #   @return [String]
+
+      # @!attribute [r] source
+      #   The source of the invalid attributes.
+      #
+      #   @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
+
+      def self.from_protobuf(validation_error)
+        new(
+          path: validation_error.path,
+          message: validation_error.message,
+          source: validation_error.source
+        )
+      end
+
+      # Check if the principal's attributes failed schema validation.
+      #
+      # @return [Boolean]
+      def from_principal?
+        source == :SOURCE_PRINCIPAL
+      end
+
+      # Check if the resource's attributes failed schema validation.
+      #
+      # @return [Boolean]
+      def from_resource?
+        source == :SOURCE_RESOURCE
+      end
+    end
+  end
+end

data/lib/cerbos/output.rb

@@ -32,6 +32,7 @@ module Cerbos
   end
 end
 
+require_relative "output/validation_error"
 require_relative "output/check_resources"
 require_relative "output/plan_resources"
 require_relative "output/server_info"

data/lib/cerbos/protobuf/cerbos/engine/v1/engine_pb.rb

@@ -75,6 +75,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :scope, :string, 5, json_name: "scope"
       optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
       optional :filter_debug, :string, 7, json_name: "filterDebug"
+      repeated :validation_errors, :message, 8, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
     end
     add_message "cerbos.engine.v1.CheckInput" do
       optional :request_id, :string, 1, json_name: "requestId"

data/lib/cerbos/protobuf/cerbos/response/v1/response_pb.rb

@@ -20,6 +20,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :policy_version, :string, 4, json_name: "policyVersion"
       optional :filter, :message, 5, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
       optional :meta, :message, 6, "cerbos.response.v1.PlanResourcesResponse.Meta", json_name: "meta"
+      repeated :validation_errors, :message, 7, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
     end
     add_message "cerbos.response.v1.PlanResourcesResponse.Meta" do
       optional :filter_debug, :string, 1, json_name: "filterDebug"

data/lib/cerbos/version.rb

@@ -2,5 +2,5 @@
 
 module Cerbos
   # Current version of the `cerbos` gem.
-  VERSION = "0.5.0"
+  VERSION = "0.6.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cerbos
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Cerbos
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-09 00:00:00.000000000 Z
+date: 2022-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: grpc
@@ -53,6 +53,7 @@ files:
 - lib/cerbos/output/check_resources.rb
 - lib/cerbos/output/plan_resources.rb
 - lib/cerbos/output/server_info.rb
+- lib/cerbos/output/validation_error.rb
 - lib/cerbos/protobuf.rb
 - lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb
 - lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb
@@ -81,7 +82,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
   changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
-  documentation_uri: https://www.rubydoc.info/gems/cerbos/0.5.0
+  documentation_uri: https://www.rubydoc.info/gems/cerbos/0.6.0
   homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
   source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
   rubygems_mfa_required: 'true'
@@ -100,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.13
+rubygems_version: 3.3.17
 signing_key:
 specification_version: 4
 summary: Client library for authorization via Cerbos