cerbos 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/lib/cerbos/client.rb +20 -1
- data/lib/cerbos/output/check_resources.rb +18 -1
- data/lib/cerbos/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 41c6a1f790cc09bff5f0c542d5338161730c4c649e66074afb381af8581637d3
|
|
4
|
+
data.tar.gz: f7fbd30bc55b357b1a0a77d1da2e48d06cf9af1fe4cfc44947c879e661a81768
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e0bbda1a092e1ec55fe9565765609fd0ed3dd77a4fa12f627cddbb1b7b48177d423114a9e8d21a454e2fcfd9257e6ce82da303f4f3df82d2d24d766519734100
|
|
7
|
+
data.tar.gz: 525b97f8aee44d35fe4039ab75ecad4315f79fedd0f2ad94a2b308fa99700579e8800009a38735ebdfc3a9f462aae230f71ef637ab682fc461c2d40cb6a897cb
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
## [Unreleased]
|
|
2
2
|
No notable changes.
|
|
3
3
|
|
|
4
|
+
## [0.3.0] - 2022-05-13
|
|
5
|
+
### Added
|
|
6
|
+
- More helper methods ([#11](https://github.com/cerbos/cerbos-sdk-ruby/pull/11))
|
|
7
|
+
- `Cerbos::Client#allow?` for checking a single action on a resource
|
|
8
|
+
- `Cerbos::Output::CheckResources#allow_all?` and `Cerbos::Output::CheckResources::Result#allow_all?` for checking if all input actions were allowed
|
|
9
|
+
|
|
4
10
|
## [0.2.0] - 2022-05-12
|
|
5
11
|
### Changed
|
|
6
12
|
- Increased `grpc` version requirement to 1.46+ to avoid [installing a native gem compiled for `x86_64-darwin` on `arm64-darwin`](https://github.com/grpc/grpc/issues/29100) ([#8](https://github.com/cerbos/cerbos-sdk-ruby/pull/8))
|
|
@@ -9,6 +15,7 @@ No notable changes.
|
|
|
9
15
|
### Added
|
|
10
16
|
- Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
|
|
11
17
|
|
|
12
|
-
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.
|
|
18
|
+
[Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...HEAD
|
|
19
|
+
[0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
|
|
13
20
|
[0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
|
|
14
21
|
[0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0
|
data/lib/cerbos/client.rb
CHANGED
|
@@ -44,11 +44,30 @@ module Cerbos
|
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
46
|
|
|
47
|
+
# Check if a principal is allowed to perform an action on a resource.
|
|
48
|
+
#
|
|
49
|
+
# @param principal [Input::Principal, Hash] the principal to check.
|
|
50
|
+
# @param resource [Input::Resource, Hash] the resource to check.
|
|
51
|
+
# @param action [String] the action to check.
|
|
52
|
+
# @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
|
|
53
|
+
# @param request_id [String] identifier for tracing the request.
|
|
54
|
+
#
|
|
55
|
+
# @return [Boolean]
|
|
56
|
+
def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
|
|
57
|
+
check_resource(
|
|
58
|
+
principal: principal,
|
|
59
|
+
resource: resource,
|
|
60
|
+
actions: [action],
|
|
61
|
+
aux_data: aux_data,
|
|
62
|
+
request_id: request_id
|
|
63
|
+
).allow?(action)
|
|
64
|
+
end
|
|
65
|
+
|
|
47
66
|
# Check a principal's permissions on a resource.
|
|
48
67
|
#
|
|
49
68
|
# @param principal [Input::Principal, Hash] the principal to check.
|
|
50
69
|
# @param resource [Input::Resource, Hash] the resource to check.
|
|
51
|
-
# @param actions [
|
|
70
|
+
# @param actions [Array<String>] the actions to check.
|
|
52
71
|
# @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
|
|
53
72
|
# @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
|
|
54
73
|
# @param request_id [String] identifier for tracing the request.
|
|
@@ -23,7 +23,7 @@ module Cerbos
|
|
|
23
23
|
)
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
# Check the policy decision was that an action should be allowed for a resource.
|
|
26
|
+
# Check if the policy decision was that an action should be allowed for a resource.
|
|
27
27
|
#
|
|
28
28
|
# @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
|
|
29
29
|
# @param action [String] the action to check.
|
|
@@ -34,6 +34,16 @@ module Cerbos
|
|
|
34
34
|
find_result(resource)&.allow?(action)
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
# Check if the policy decision was that all input actions should be allowed for a resource.
|
|
38
|
+
#
|
|
39
|
+
# @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
|
|
40
|
+
#
|
|
41
|
+
# @return [Boolean]
|
|
42
|
+
# @return [nil] if the resource is not present in the results.
|
|
43
|
+
def allow_all?(resource)
|
|
44
|
+
find_result(resource)&.allow_all?
|
|
45
|
+
end
|
|
46
|
+
|
|
37
47
|
# Find an item from {#results} by resource.
|
|
38
48
|
#
|
|
39
49
|
# @param resource [Input::Resource, Hash] the resource search criteria. `kind` and `id` are required; `policy_version` and `scope` may also be provided if needed to distinguish between multiple results for the same `kind` and `id`.
|
|
@@ -95,6 +105,13 @@ module Cerbos
|
|
|
95
105
|
actions[action]&.eql?(:EFFECT_ALLOW)
|
|
96
106
|
end
|
|
97
107
|
|
|
108
|
+
# Check if the policy decision was that all input actions should be allowed for the resource.
|
|
109
|
+
#
|
|
110
|
+
# @return [Boolean]
|
|
111
|
+
def allow_all?
|
|
112
|
+
actions.each_value.all? { |effect| effect == :EFFECT_ALLOW }
|
|
113
|
+
end
|
|
114
|
+
|
|
98
115
|
# List the actions that should be allowed for the resource.
|
|
99
116
|
#
|
|
100
117
|
# @return [Array<String>]
|
data/lib/cerbos/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cerbos
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Cerbos
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: grpc
|
|
@@ -81,7 +81,7 @@ licenses:
|
|
|
81
81
|
metadata:
|
|
82
82
|
bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
|
|
83
83
|
changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
|
|
84
|
-
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.
|
|
84
|
+
documentation_uri: https://www.rubydoc.info/gems/cerbos/0.3.0
|
|
85
85
|
homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
|
86
86
|
source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
|
|
87
87
|
rubygems_mfa_required: 'true'
|