cerbos 0.2.0 → 0.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 93f2bb2c6e0ffb8fc9e59238a36388b706ae790057473f62c51b181a30c1ec93
4
- data.tar.gz: 91e8c713dac8b1f7f89245b53463f3f8098af17ade471249d10c0fae5e4cabfe
3
+ metadata.gz: 41c6a1f790cc09bff5f0c542d5338161730c4c649e66074afb381af8581637d3
4
+ data.tar.gz: f7fbd30bc55b357b1a0a77d1da2e48d06cf9af1fe4cfc44947c879e661a81768
5
5
  SHA512:
6
- metadata.gz: 2224efcc85af2a8238c946f44d853985cd3ce5d9b5c0c913992eaad7b738bc196c2fc88f985ae3ea38b3d03f6c72dcc851af77586e2628b6f80773db6d49894e
7
- data.tar.gz: 9ac45962052d139c904134eafb42dce8ac781af74a4041d22950ba4a997da1cf02e55e55462ff8237da0e916e56909822631dcc0be5a2873e933cbd6900a6e71
6
+ metadata.gz: e0bbda1a092e1ec55fe9565765609fd0ed3dd77a4fa12f627cddbb1b7b48177d423114a9e8d21a454e2fcfd9257e6ce82da303f4f3df82d2d24d766519734100
7
+ data.tar.gz: 525b97f8aee44d35fe4039ab75ecad4315f79fedd0f2ad94a2b308fa99700579e8800009a38735ebdfc3a9f462aae230f71ef637ab682fc461c2d40cb6a897cb
data/CHANGELOG.md CHANGED
@@ -1,6 +1,12 @@
1
1
  ## [Unreleased]
2
2
  No notable changes.
3
3
 
4
+ ## [0.3.0] - 2022-05-13
5
+ ### Added
6
+ - More helper methods ([#11](https://github.com/cerbos/cerbos-sdk-ruby/pull/11))
7
+ - `Cerbos::Client#allow?` for checking a single action on a resource
8
+ - `Cerbos::Output::CheckResources#allow_all?` and `Cerbos::Output::CheckResources::Result#allow_all?` for checking if all input actions were allowed
9
+
4
10
  ## [0.2.0] - 2022-05-12
5
11
  ### Changed
6
12
  - Increased `grpc` version requirement to 1.46+ to avoid [installing a native gem compiled for `x86_64-darwin` on `arm64-darwin`](https://github.com/grpc/grpc/issues/29100) ([#8](https://github.com/cerbos/cerbos-sdk-ruby/pull/8))
@@ -9,6 +15,7 @@ No notable changes.
9
15
  ### Added
10
16
  - Initial implementation of `Cerbos::Client` ([#2](https://github.com/cerbos/cerbos-sdk-ruby/pull/2))
11
17
 
12
- [Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...HEAD
18
+ [Unreleased]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.3.0...HEAD
19
+ [0.3.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.2.0...v0.3.0
13
20
  [0.2.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/v0.1.0...v0.2.0
14
21
  [0.1.0]: https://github.com/cerbos/cerbos-sdk-ruby/compare/4481009e9dec2e1e6a2df8ea2f828690ceabbefc...v0.1.0
data/lib/cerbos/client.rb CHANGED
@@ -44,11 +44,30 @@ module Cerbos
44
44
  end
45
45
  end
46
46
 
47
+ # Check if a principal is allowed to perform an action on a resource.
48
+ #
49
+ # @param principal [Input::Principal, Hash] the principal to check.
50
+ # @param resource [Input::Resource, Hash] the resource to check.
51
+ # @param action [String] the action to check.
52
+ # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
53
+ # @param request_id [String] identifier for tracing the request.
54
+ #
55
+ # @return [Boolean]
56
+ def allow?(principal:, resource:, action:, aux_data: nil, request_id: SecureRandom.uuid)
57
+ check_resource(
58
+ principal: principal,
59
+ resource: resource,
60
+ actions: [action],
61
+ aux_data: aux_data,
62
+ request_id: request_id
63
+ ).allow?(action)
64
+ end
65
+
47
66
  # Check a principal's permissions on a resource.
48
67
  #
49
68
  # @param principal [Input::Principal, Hash] the principal to check.
50
69
  # @param resource [Input::Resource, Hash] the resource to check.
51
- # @param actions [Input::Resource, Hash] the actions to check.
70
+ # @param actions [Array<String>] the actions to check.
52
71
  # @param aux_data [Input::AuxData, Hash, nil] auxiliary data.
53
72
  # @param include_metadata [Boolean] `true` to include additional metadata ({Output::CheckResources::Result::Metadata}) in the results.
54
73
  # @param request_id [String] identifier for tracing the request.
@@ -23,7 +23,7 @@ module Cerbos
23
23
  )
24
24
  end
25
25
 
26
- # Check the policy decision was that an action should be allowed for a resource.
26
+ # Check if the policy decision was that an action should be allowed for a resource.
27
27
  #
28
28
  # @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
29
29
  # @param action [String] the action to check.
@@ -34,6 +34,16 @@ module Cerbos
34
34
  find_result(resource)&.allow?(action)
35
35
  end
36
36
 
37
+ # Check if the policy decision was that all input actions should be allowed for a resource.
38
+ #
39
+ # @param resource [Input::Resource, Hash] the resource search criteria (see {#find_result}).
40
+ #
41
+ # @return [Boolean]
42
+ # @return [nil] if the resource is not present in the results.
43
+ def allow_all?(resource)
44
+ find_result(resource)&.allow_all?
45
+ end
46
+
37
47
  # Find an item from {#results} by resource.
38
48
  #
39
49
  # @param resource [Input::Resource, Hash] the resource search criteria. `kind` and `id` are required; `policy_version` and `scope` may also be provided if needed to distinguish between multiple results for the same `kind` and `id`.
@@ -95,6 +105,13 @@ module Cerbos
95
105
  actions[action]&.eql?(:EFFECT_ALLOW)
96
106
  end
97
107
 
108
+ # Check if the policy decision was that all input actions should be allowed for the resource.
109
+ #
110
+ # @return [Boolean]
111
+ def allow_all?
112
+ actions.each_value.all? { |effect| effect == :EFFECT_ALLOW }
113
+ end
114
+
98
115
  # List the actions that should be allowed for the resource.
99
116
  #
100
117
  # @return [Array<String>]
@@ -2,5 +2,5 @@
2
2
 
3
3
  module Cerbos
4
4
  # Current version of the `cerbos` gem.
5
- VERSION = "0.2.0"
5
+ VERSION = "0.3.0"
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cerbos
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Cerbos
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-05-12 00:00:00.000000000 Z
11
+ date: 2022-05-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: grpc
@@ -81,7 +81,7 @@ licenses:
81
81
  metadata:
82
82
  bug_tracker_uri: https://github.com/cerbos/cerbos-sdk-ruby/issues
83
83
  changelog_uri: https://github.com/cerbos/cerbos-sdk-ruby/blob/main/CHANGELOG.md
84
- documentation_uri: https://www.rubydoc.info/gems/cerbos/0.2.0
84
+ documentation_uri: https://www.rubydoc.info/gems/cerbos/0.3.0
85
85
  homepage_uri: https://github.com/cerbos/cerbos-sdk-ruby
86
86
  source_code_uri: https://github.com/cerbos/cerbos-sdk-ruby
87
87
  rubygems_mfa_required: 'true'