Class: Aserto::AuthClient

Inherits:

Object

• Object
• Aserto::AuthClient

Defined in:

lib/aserto/auth_client.rb

Instance Attribute Summary

• #client ⇒ Object readonly

  Returns the value of attribute client.

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #request ⇒ Object readonly

  Returns the value of attribute request.

Instance Method Summary

• #allowed? ⇒ Boolean
• #check(object_id:, object_type:, relation:, options: {}) ⇒ Object
• #enabled? ⇒ Boolean
• #initialize(request) ⇒ AuthClient constructor

  A new instance of AuthClient.

• #is ⇒ Object
• #visible? ⇒ Boolean

Constructor Details

#initialize(request) ⇒ AuthClient

Returns a new instance of AuthClient.

# File 'lib/aserto/auth_client.rb', line 23

def initialize(request)
  @request = request
  @config = Aserto.config
  @client = @config.client || Aserto::Authorizer::V2::Authorizer::Stub.new(
    config.service_url,
    load_creds
  )
end

Instance Attribute Details

#client ⇒ Object (readonly)

Returns the value of attribute client.

# File 'lib/aserto/auth_client.rb', line 11

def client
  @client
end

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/aserto/auth_client.rb', line 11

def config
  @config
end

#request ⇒ Object (readonly)

Returns the value of attribute request.

# File 'lib/aserto/auth_client.rb', line 11

def request
  @request
end

Instance Method Details

#allowed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/aserto/auth_client.rb', line 68

def allowed?
  exec_is(request_is("allowed"))
end

#check(object_id:, object_type:, relation:, options: {}) ⇒ Object

# File 'lib/aserto/auth_client.rb', line 36

def check(object_id:, object_type:, relation:, options: {})
  resource_context_fields = {
    object_id: object_id,
    object_type: object_type,
    relation: relation
  }

  check_resource_context = Google::Protobuf::Struct
                           .from_hash(resource_context_fields.transform_keys!(&:to_s))

  policy_path = if options[:policy_path]
                  options[:policy_path]
                else
                  config.policy_root ? "#{config.policy_root}.check" : "rebac.check"
                end

  request = Aserto::Authorizer::V2::IsRequest.new(
    {
      policy_context: Aserto::Authorizer::V2::Api::PolicyContext.new(
        {
          path: policy_path,
          decisions: [config.decision]
        }
      ),
      policy_instance: policy_instance,
      identity_context: identity_context,
      resource_context: check_resource_context
    }
  )
  exec_is(request)
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/aserto/auth_client.rb', line 76

def enabled?
  exec_is(request_is("enabled"))
end

#is ⇒ Object

# File 'lib/aserto/auth_client.rb', line 32

def is
  exec_is(request_is(config.decision))
end

#visible? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/aserto/auth_client.rb', line 72

def visible?
  exec_is(request_is("visible"))
end