soar_pl 0.0.1 → 0.0.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: c635718cebea5cd51e3b6f06355fb3d23f1e3b80
4
- data.tar.gz: ede26601dc1055a1b3ab7130fbe5e998c5e0a7f5
3
+ metadata.gz: 0c29481be40d566195451c3e9bd78e080ab120a1
4
+ data.tar.gz: 2d98e776ca3c8f4953be65b021381b67e63b97b2
5
5
  SHA512:
6
- metadata.gz: 29f328e7bc225aad9f6fa486a64443955dee7f92c33599b61714757f5162795f8b35f63a7065b21c8e6175cba2eb3431a15299c132e9b1bfe87bf66a2781c997
7
- data.tar.gz: 96c0599aa1b467be1b27a0ff36b12408731fe4bd6aee799175935d739ce0b018b4eac56441703537bb3ce49b0bac9689bf1da48495e5bb3b5ed56689445310cc
6
+ metadata.gz: af990036978a47d85e5dfe6216de6a05c50c22f5573771842f58c798dfababe8be2bd4738e288e37af9d05769cacc8779ab53b0c3f0c6c2cc201a10ed4298942
7
+ data.tar.gz: 66b001df7b86d41181299af9924e15a4a91a64cce487ab9c77b394d774771ff88ef115fd0504253ca772fa799d58ca3a27f248d3b73e9629c1732d3c1f024759
data/README.md CHANGED
@@ -32,6 +32,57 @@ The IDM provided must adhere to the following API:
32
32
  attributes = @idm.get_attributes(subject_identifier, role)
33
33
  # { 'role1' => {'attribute1' => 'value1', 'attribute2' => 'value2'}, 'role2' => {'attribute3' => 'value3', 'attribute4' => 'value4'}}
34
34
 
35
+ Initialize your policy with an identifier and a configuration:
36
+
37
+ @iut = MyRules.new('my-rules-policy', { 'clearance-threshold' => 7 })
38
+
39
+ The initialization may fail due to an error or validation failure (invalid parameters.) The initializer will always return a sane object though, on which you can call
40
+
41
+ @iut.status
42
+
43
+ in order to see whether initialization succeeded. Status will be of the form:
44
+
45
+ { 'dependencies' =>
46
+ { 'configuration' => 'valid|invalid',
47
+ 'policy_identifier' => 'valid|invalid',
48
+ 'rule_set' => 'valid|invalid' } }
49
+
50
+ Optionally, require roles to be present for an entity that you identify with a subject identifier:
51
+
52
+ @iut.requires_roles(['client', 'owner'])
53
+
54
+ If providing roles, you must provide an IDM to retrieve the entity's roles, and the attributes for each role, from:
55
+
56
+ @iut.has_idm(@idm_instance)
57
+
58
+ Check authorization for a subject identifier, (optionally) providing it with all your rule set (MyRules) needs to make the authorization decision:
59
+
60
+ result = @iut.authorize(@subject_identifier, @requestor_identifier, @resource_identifier, @request)
61
+
62
+ The subject identifier (non-empty string) is required. The requestor identifier (non-empty string) and request details (in a format you specify, but must be a Hash) as well as the resource identifier (non-empty string) are optional.
63
+
64
+ The result is jsend of the form:
65
+
66
+ { 'allowed' => true|false, 'detail' => 'a validation message', 'idm' => 'the IDM you specified or nil', 'rule_set' => 'the name of the rule set class' }
67
+
68
+ The result status will be 'fail' if something goes wrong, such as a validation failure. The status will be 'success' if the authorization took place, regardless of a true or false value for 'allowed'.
69
+
70
+ When building your rule set, you can use both your configuration as well as the parameters passed to the authorize method, and roles and attributes obtained from the IDM. You only have to override the apply_rule_set method as below. By the time apply_rule_set is called, you can rest assured that all required roles have been checked, if you specified an IDM. IDM failures result in an Entity error being reported. E.g.:
71
+
72
+ require 'soar_pl'
73
+
74
+ class MyRules < SoarPl::AuthorizationPolicy
75
+ def apply_rule_set(subject_identifier, requestor_identifier, resource_identifier, request, subject_roles, attributes)
76
+ allow = attributes['client']['clearance'] > @configuration['clearance-threshold']
77
+ message = allow ? 'Clearance level high enough' : 'Clearance level too low'
78
+ return allow, message
79
+ end
80
+ end
81
+
82
+ ## Deploying
83
+
84
+ This authorization policy framework can be deployed in-process in any ruby application or application server. It was intended for the SOAR architecture and to be deployed on soar_sc service components.
85
+
35
86
  ## Contributing
36
87
 
37
88
  Bug reports and feature requests are welcome by email to ernst dot van dot graan at hetzner dot co dot za. This gem is sponsored by Hetzner (Pty) Ltd (http://hetzner.co.za)
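Review bot: The example rule set added to the README indexes into the 'client' role without checking that it is present, at `allow = attributes['client']['clearance'] > @configuration['clearance-threshold']`. The surrounding text describes `requires_roles` as optional and says required roles are only checked if an IDM was specified, so a subject with no 'client' entry or no 'clearance' attribute makes this line raise on nil instead of returning a deny with a message. Readers will copy this as their starting policy, so the example should fail closed: read the value with `attributes.dig('client', 'clearance')` and return `false, 'Clearance attribute missing'` when it is nil. Separately, the result is described as jsend with a status of 'fail' or 'success', but the sample hash shows only the data fields; showing the full envelope would tell callers where to read 'allowed' from.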
@@ -105,7 +105,7 @@ module SoarPl
105
105
  def setup
106
106
  end
107
107
 
108
- def apply_rule_set(subject_identifier, requestor_identifier, resource_identifier, request, subject_roles, attribures)
108
+ def apply_rule_set(subject_identifier, requestor_identifier, resource_identifier, request, subject_roles, attributes)
109
109
  # override me
110
110
  end
111
111
 
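Review bot: The base `apply_rule_set` still has only `# override me` as its body after the parameter spelling fix, so it returns nil, while the README example returns `allow, message`. For an authorization policy, a subclass that forgets or misspells the override should not fall through silently. Raise NotImplementedError here, or return an explicit `false` with a message, so that the default outcome is a deny.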
@@ -1,3 +1,3 @@
1
1
  module SoarPl
2
- VERSION = "0.0.1"
2
+ VERSION = "0.0.2"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: soar_pl
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ernst van Graan