cerbos 0.5.0 → 0.6.0

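--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e1c86d3d658d13d5226bad856d440ce3a511e260fb7c7a1d0df57ab6c1368584
- data.tar.gz: b776cb441ca8011e80c43fa2647aa36e7640873290086c3b04cd6233b0192f4c
+ metadata.gz: e21f0359fb0e125e0e3a6d4ecf9ac0c12e254ab464b4ad67e8d6213fd2974ed5
+ data.tar.gz: a959dfdc08af3b960b58cd78c953925fba3b88b5db915bb30f94d3f32b810cb9
  SHA512:
- metadata.gz: b13e093563c7ad60ac1b524dffee33b22fb1d553b433d0927063ff61b4ba10b2aa3516ac309f03384848b40913776605ea7b922fce906d2c6dbe43f8c175dd19
- data.tar.gz: '039c5611d71e663451ecb192efaa91fe63a09f81de902b21ec67dee270374170e0fd08db61eee9b3b43283bca8299cd362bccb16a010670e77f9017ecf0a5932'
+ metadata.gz: 7e89b9ec5168b7215d9b9c1ad86ed8a34404f3cd3db2b6bf44889b319fc3ab5520d2ea5eb74f22e99d955e544cfb43ca925dc597763c8ae782a645ee5b086c4b
+ data.tar.gz: e7ddf0d6071cd1ac4f607617b95e0987d11d72d34feeda6742d034f2ff212ca01dd0ef57abb94e2d54e578cd5bd5929e0ff2dab3844835cad557b9b9b062b10e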
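--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  ## [Unreleased]
  No notable changes.
 
+ ## [0.6.0] - 2022-07-01
+ ### Added
+ - Support for schema validation in `Cerbos::Client#plan_resources` ([#32](https://github.com/cerbos/cerbos-sdk-ruby/pull/32))
+
+ Requires Cerbos 0.19+.
+ `Cerbos::Output::PlanResources#validation_errors` will always return an empty array if the client is connected to an earlier version of Cerbos.
+
+ As a result, `Cerbos::Output::CheckResources::Result::ValidationError` has moved to `Cerbos::Output::ValidationError`.
+ Attempting to access the class via the old namespace will print a deprecation warning and return the new class.
+
  ## [0.5.0] - 2022-06-09
  ### Added
  - Allow symbol keys in nested attributes hashes ([#28](https://github.com/cerbos/cerbos-sdk-ruby/pull/28))
@@ -26,7 +36,8 @@ No notable changes.
  ### Added
  - Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
 
- [Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...HEAD
+ [Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.6.0...HEAD
+ [0.6.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.5.0...v0.6.0
  [0.5.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.4.0...v0.5.0
  [0.4.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...v0.4.0
  [0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0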
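--- a/data/lib/cerbos/client.rb
+++ b/data/lib/cerbos/client.rb
@@ -187,7 +187,9 @@ module Cerbos
 
  response = perform_request(@cerbos_service, :plan_resources, request)
 
- Output::PlanResources.from_protobuf(response)
+ Output::PlanResources.from_protobuf(response).tap do |output|
+ handle_validation_errors output
+ end
  end
  end
 
@@ -221,7 +223,7 @@ module Cerbos
  def handle_validation_errors(output)
  return if @on_validation_error == :return
 
- validation_errors = output.results.flat_map(&:validation_errors)
+ validation_errors = output.validation_errors
  return if validation_errors.empty?
 
  raise Error::ValidationFailed.new(validation_errors) if @on_validation_error == :raise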
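Review bot: `plan_resources` can now raise: with the added `handle_validation_errors output` call inside the `tap` block, a client whose `@on_validation_error` is `:raise` gets `Error::ValidationFailed` from a call that previously always returned the plan. The method's YARD block is outside the hunk, so it is not visible whether this is documented; if it is not, add `# @raise [Error::ValidationFailed] when schema validation fails and validation errors are configured to raise`. The rest of `handle_validation_errors` after the `raise` line is also outside the hunk, so whatever it does for the remaining settings now applies to plan requests as well and deserves a test alongside the `:raise` case.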
@@ -55,6 +55,13 @@ module Cerbos
55
55
  results.find { |result| matching_resource?(search, result.resource) }
56
56
  end
57
57
 
58
+ # List unique schema validation errors for the principal or resource attributes.
59
+ #
60
+ # @return [Array<ValidationError>]
61
+ def validation_errors
62
+ results.flat_map(&:validation_errors).uniq
63
+ end
64
+
58
65
  private
59
66
 
60
67
  def matching_resource?(search, candidate)
@@ -88,11 +95,21 @@ module Cerbos
88
95
  # @return [Metadata]
89
96
  # @return [nil] if `include_metadata` was `false`.
90
97
 
98
+ # @private
99
+ def self.const_missing(const)
100
+ if const == :ValidationError
101
+ warn "#{name}::ValidationError is deprecated; use #{ValidationError.name} instead (called from #{caller(1..1).first})"
102
+ return ValidationError
103
+ end
104
+
105
+ super
106
+ end
107
+
91
108
  def self.from_protobuf(entry)
92
109
  new(
93
110
  resource: CheckResources::Result::Resource.from_protobuf(entry.resource),
94
111
  actions: entry.actions.to_h,
95
- validation_errors: (entry.validation_errors || []).map { |validation_error| CheckResources::Result::ValidationError.from_protobuf(validation_error) },
112
+ validation_errors: (entry.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
96
113
  metadata: CheckResources::Result::Metadata.from_protobuf(entry.meta)
97
114
  )
98
115
  end
@@ -154,46 +171,6 @@ module Cerbos
154
171
  end
155
172
  end
156
173
 
157
- # An error that occurred while validating the principal or resource attributes against a schema.
158
- CheckResources::Result::ValidationError = Output.new_class(:path, :message, :source) do
159
- # @!attribute [r] path
160
- # The path to the attribute that failed validation.
161
- #
162
- # @return [String]
163
-
164
- # @!attribute [r] message
165
- # The error message.
166
- #
167
- # @return [String]
168
-
169
- # @!attribute [r] source
170
- # The source of the invalid attributes.
171
- #
172
- # @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
173
-
174
- def self.from_protobuf(validation_error)
175
- new(
176
- path: validation_error.path,
177
- message: validation_error.message,
178
- source: validation_error.source
179
- )
180
- end
181
-
182
- # Check if the principal's attributes failed schema validation.
183
- #
184
- # @return [Boolean]
185
- def from_principal?
186
- source == :SOURCE_PRINCIPAL
187
- end
188
-
189
- # Check if the resource's attributes failed schema validation.
190
- #
191
- # @return [Boolean]
192
- def from_resource?
193
- source == :SOURCE_RESOURCE
194
- end
195
- end
196
-
197
174
  # Additional information about how policy decisions were reached.
198
175
  CheckResources::Result::Metadata = Output.new_class(:actions, :effective_derived_roles) do
199
176
  # @!attribute [r] actions
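Review bot: The `.uniq` in the new `validation_errors` method only removes duplicates if `ValidationError` instances compare by value through `eql?` and `hash`, and `Output.new_class` is not shown on this page, so that is unconfirmed. If the generated classes fall back to identity equality, the same schema error reported for several resources in one request is handed to `Error::ValidationFailed` once per resource, even though the doc comment promises unique errors. Either confirm that `new_class` defines `eql?`/`hash` over the attributes, or key the dedup explicitly with `results.flat_map(&:validation_errors).uniq { |error| [error.path, error.message, error.source] }`. The file header for these hunks is missing from the page; from their contents they appear to belong to `lib/cerbos/output/check_resources.rb`.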
@@ -5,7 +5,7 @@ module Cerbos
5
5
  # A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action.
6
6
  #
7
7
  # @see Client#plan_resources
8
- PlanResources = Output.new_class(:request_id, :kind, :condition, :metadata) do
8
+ PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
9
9
  # @!attribute [r] request_id
10
10
  # The identifier for tracing the request.
11
11
  #
@@ -26,6 +26,11 @@ module Cerbos
26
26
  # @see #always_denied?
27
27
  # @see #conditional?
28
28
 
29
+ # @!attribute [r] validation_errors
30
+ # Any schema validation errors for the principal or resource attributes.
31
+ #
32
+ # @return [Array<ValidationError>]
33
+
29
34
  # @!attribute [r] metadata
30
35
  # Additional information about the query plan.
31
36
  #
@@ -37,6 +42,7 @@ module Cerbos
37
42
  request_id: plan_resources.request_id,
38
43
  kind: plan_resources.filter.kind,
39
44
  condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
45
+ validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
40
46
  metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
41
47
  )
42
48
  end
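Review bot: The new `@!attribute [r] validation_errors` doc omits the caveat given in this release's changelog, that the list is always empty when the client talks to a Cerbos server older than 0.19. Without it, a reader of the API docs can take an empty array as evidence that the principal and resource attributes passed schema validation, when validation may not have been reported at all. Add a line under the description such as `# Always an empty array when the client is connected to a version of Cerbos earlier than 0.19.` The file header for these hunks is missing from the page (they appear to belong to `lib/cerbos/output/plan_resources.rb`), and the `from_protobuf` method that fills the attribute starts outside the hunk.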
@@ -0,0 +1,45 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Cerbos
4
+ module Output
5
+ # An error that occurred while validating the principal or resource attributes against a schema.
6
+ ValidationError = Output.new_class(:path, :message, :source) do
7
+ # @!attribute [r] path
8
+ # The path to the attribute that failed validation.
9
+ #
10
+ # @return [String]
11
+
12
+ # @!attribute [r] message
13
+ # The error message.
14
+ #
15
+ # @return [String]
16
+
17
+ # @!attribute [r] source
18
+ # The source of the invalid attributes.
19
+ #
20
+ # @return [:SOURCE_PRINCIPAL, :SOURCE_RESOURCE]
21
+
22
+ def self.from_protobuf(validation_error)
23
+ new(
24
+ path: validation_error.path,
25
+ message: validation_error.message,
26
+ source: validation_error.source
27
+ )
28
+ end
29
+
30
+ # Check if the principal's attributes failed schema validation.
31
+ #
32
+ # @return [Boolean]
33
+ def from_principal?
34
+ source == :SOURCE_PRINCIPAL
35
+ end
36
+
37
+ # Check if the resource's attributes failed schema validation.
38
+ #
39
+ # @return [Boolean]
40
+ def from_resource?
41
+ source == :SOURCE_RESOURCE
42
+ end
43
+ end
44
+ end
45
+ end
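--- a/data/lib/cerbos/output.rb
+++ b/data/lib/cerbos/output.rb
@@ -32,6 +32,7 @@ module Cerbos
  end
  end
 
+ require_relative "output/validation_error"
  require_relative "output/check_resources"
  require_relative "output/plan_resources"
  require_relative "output/server_info"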
@@ -75,6 +75,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
75
75
  optional :scope, :string, 5, json_name: "scope"
76
76
  optional :filter, :message, 6, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
77
77
  optional :filter_debug, :string, 7, json_name: "filterDebug"
78
+ repeated :validation_errors, :message, 8, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
78
79
  end
79
80
  add_message "cerbos.engine.v1.CheckInput" do
80
81
  optional :request_id, :string, 1, json_name: "requestId"
@@ -20,6 +20,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
20
20
  optional :policy_version, :string, 4, json_name: "policyVersion"
21
21
  optional :filter, :message, 5, "cerbos.engine.v1.PlanResourcesFilter", json_name: "filter"
22
22
  optional :meta, :message, 6, "cerbos.response.v1.PlanResourcesResponse.Meta", json_name: "meta"
23
+ repeated :validation_errors, :message, 7, "cerbos.schema.v1.ValidationError", json_name: "validationErrors"
23
24
  end
24
25
  add_message "cerbos.response.v1.PlanResourcesResponse.Meta" do
25
26
  optional :filter_debug, :string, 1, json_name: "filterDebug"
@@ -2,5 +2,5 @@
2
2
 
3
3
  module Cerbos
4
4
  # Current version of the `cerbos` gem.
5
- VERSION = "0.5.0"
5
+ VERSION = "0.6.0"
6
6
  end
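--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cerbos
  version: !ruby/object:Gem::Version
- version: 0.5.0
+ version: 0.6.0
  platform: ruby
  authors:
  - Cerbos
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-06-09 00:00:00.000000000 Z
+ date: 2022-07-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: grpc
@@ -53,6 +53,7 @@ files:
  - lib/cerbos/output/check_resources.rb
  - lib/cerbos/output/plan_resources.rb
  - lib/cerbos/output/server_info.rb
+ - lib/cerbos/output/validation_error.rb
  - lib/cerbos/protobuf.rb
  - lib/cerbos/protobuf/cerbos/audit/v1/audit_pb.rb
  - lib/cerbos/protobuf/cerbos/effect/v1/effect_pb.rb
@@ -81,7 +82,7 @@ licenses:
  metadata:
  bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
  changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
- documentation_uri: https://www.rubydoc.info/gems/cerbos/0.5.0
+ documentation_uri: https://www.rubydoc.info/gems/cerbos/0.6.0
  homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
  source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
  rubygems_mfa_required: 'true'
@@ -100,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.3.13
+ rubygems_version: 3.3.17
  signing_key:
  specification_version: 4
  summary: Client library for authorization via Cerbos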