Ruby bindings for Cedar policy evaluation engine.
Install the gem and add to the application's Gemfile by executing:
$ bundle add cedar_policy
If bundler is not being used to manage dependencies, install the gem by executing:
$ gem install cedar_policy
[!WARNING] This gem is still under development and the API may change in the future.
Define a policy by Cedar Language:
policy = <<~POLICY
permit(
principal == AdminUser::"1",
action == Action::"view",
resource
);
POLICY
policy_set = CedarPolicy::PolicySet.new(policy)
Currently, the single policy is not supported.
Prepare the Entity's ID via EntityUid or an object with #to_hash method which returns a hash with :type and :id keys.
principal = CedarPolicy::EntityUid.new("User", "1") # or { type: "User", id: "1" }
action = CedarPolicy::EntityUid.new("Action", "view")
resource = CedarPolicy::EntityUid.new("Image", "1")
The Context object is used to store the request context. Use Context or an object with #to_hash method which returns a hash.
ctx = CedarPolicy::Context.new({ ip: "127.0.0.1" }) # or { ip: "127.0.0.1" }
The
Contextobject can initialize without any arguments as an empty context.
Create a Request object with the principal, action, resource, and context.
request = CedarPolicy::Request.new(principal, action, resource, ctx)
Define the entities with related this request. It should be an array of Entity objects which have #to_hash method returns a hash with :uid,:attrs, and :parents keys.
entities = CedarPolicy::Entities.new([
CedarPolicy::Entity.new(
CedarPolicy::EntityUid.new("User", "1"),
{ role: "admin" },
[] # Parents' EntityUid
),
{
uid: { type: "Image", id: "1" },
attrs: {},
parents: []
}
])
Create an Authorizer object and authorize the request with the policy set and entities.
authorizer = CedarPolicy::Authorizer.new
If boolean result is enough, use #authorize? method.
authorizer.authorize?(request, policy_set, entities) # => true
If you want to get the decision object, use #authorize method.
response = authorizer.authorize(request, policy_set, entities)
response.decision # => CedarPolicy::Decision::ALLOW
The diagnostics is not supported yet in the response.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/elct9620/cedar-policy-rb.
The gem is available as open source under the terms of the Apache-2.0 License.
FAQs
Unknown package
We found that cedar_policy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.