Class: Cerbos::Output::PlanResources

Inherits:

Object

• Object
• Cerbos::Output::PlanResources

Defined in:

lib/cerbos/output/plan_resources.rb

Overview

A query plan that can be used to obtain a list of resources on which a principal is allowed to perform a particular action.

See Also:

• Client#plan_resources

Defined Under Namespace

Classes: Expression, Metadata

Instance Attribute Summary

• #condition ⇒ Expression, ... readonly

  The root node of the query condition abstract syntax tree.

• #kind ⇒ :KIND_ALWAYS_ALLOWED, ... readonly

  The type of plan.

• #metadata ⇒ Metadata^? readonly

  Additional information about the query plan.

• #request_id ⇒ String readonly

  The identifier for tracing the request.

• #validation_errors ⇒ Array<ValidationError> readonly

  Any schema validation errors for the principal or resource attributes.

Instance Method Summary

• #always_allowed? ⇒ Boolean

  Check if the specified action is always allowed for the principal on resources matching the input.

• #always_denied? ⇒ Boolean

  Check if the specified action is always denied for the principal on resources matching the input.

• #conditional? ⇒ Boolean

  Check if the specified action is conditionally allowed for the principal on resources matching the input.

Instance Attribute Details

#condition ⇒ Expression, ... (readonly)

The root node of the query condition abstract syntax tree.

Returns:

• (Expression, Expression::Variable)
• (nil) —

  if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.

See Also:

• #always_allowed?
• #always_denied?
• #conditional?

# File 'lib/cerbos/output/plan_resources.rb', line 8

PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
  # @!attribute [r] request_id
  #   The identifier for tracing the request.
  #
  #   @return [String]

  # @!attribute [r] kind
  #   The type of plan.
  #
  #   @return [:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL]

  # @!attribute [r] condition
  #   The root node of the query condition abstract syntax tree.
  #
  #   @return [Expression, Expression::Variable]
  #   @return [nil] if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.
  #
  #   @see #always_allowed?
  #   @see #always_denied?
  #   @see #conditional?

  # @!attribute [r] validation_errors
  #   Any schema validation errors for the principal or resource attributes.
  #
  #   @return [Array<ValidationError>]

  # @!attribute [r] metadata
  #   Additional information about the query plan.
  #
  #   @return [Metadata]
  #   @return [nil] if `include_metadata` was `false`.

  def self.from_protobuf(plan_resources)
    new(
      request_id: plan_resources.request_id,
      kind: plan_resources.filter.kind,
      condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
      validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
      metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
    )
  end

  # Check if the specified action is always allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_allowed?
    kind == :KIND_ALWAYS_ALLOWED
  end

  # Check if the specified action is always denied for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_denied?
    kind == :KIND_ALWAYS_DENIED
  end

  # Check if the specified action is conditionally allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def conditional?
    kind == :KIND_CONDITIONAL
  end
end

#kind ⇒ :KIND_ALWAYS_ALLOWED, ... (readonly)

The type of plan.

Returns:

• (:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL)

# File 'lib/cerbos/output/plan_resources.rb', line 8

PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
  # @!attribute [r] request_id
  #   The identifier for tracing the request.
  #
  #   @return [String]

  # @!attribute [r] kind
  #   The type of plan.
  #
  #   @return [:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL]

  # @!attribute [r] condition
  #   The root node of the query condition abstract syntax tree.
  #
  #   @return [Expression, Expression::Variable]
  #   @return [nil] if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.
  #
  #   @see #always_allowed?
  #   @see #always_denied?
  #   @see #conditional?

  # @!attribute [r] validation_errors
  #   Any schema validation errors for the principal or resource attributes.
  #
  #   @return [Array<ValidationError>]

  # @!attribute [r] metadata
  #   Additional information about the query plan.
  #
  #   @return [Metadata]
  #   @return [nil] if `include_metadata` was `false`.

  def self.from_protobuf(plan_resources)
    new(
      request_id: plan_resources.request_id,
      kind: plan_resources.filter.kind,
      condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
      validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
      metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
    )
  end

  # Check if the specified action is always allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_allowed?
    kind == :KIND_ALWAYS_ALLOWED
  end

  # Check if the specified action is always denied for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_denied?
    kind == :KIND_ALWAYS_DENIED
  end

  # Check if the specified action is conditionally allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def conditional?
    kind == :KIND_CONDITIONAL
  end
end

#metadata ⇒ Metadata^? (readonly)

Additional information about the query plan.

Returns:

• (Metadata)
• (nil) —

  if include_metadata was false.

# File 'lib/cerbos/output/plan_resources.rb', line 8

PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
  # @!attribute [r] request_id
  #   The identifier for tracing the request.
  #
  #   @return [String]

  # @!attribute [r] kind
  #   The type of plan.
  #
  #   @return [:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL]

  # @!attribute [r] condition
  #   The root node of the query condition abstract syntax tree.
  #
  #   @return [Expression, Expression::Variable]
  #   @return [nil] if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.
  #
  #   @see #always_allowed?
  #   @see #always_denied?
  #   @see #conditional?

  # @!attribute [r] validation_errors
  #   Any schema validation errors for the principal or resource attributes.
  #
  #   @return [Array<ValidationError>]

  # @!attribute [r] metadata
  #   Additional information about the query plan.
  #
  #   @return [Metadata]
  #   @return [nil] if `include_metadata` was `false`.

  def self.from_protobuf(plan_resources)
    new(
      request_id: plan_resources.request_id,
      kind: plan_resources.filter.kind,
      condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
      validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
      metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
    )
  end

  # Check if the specified action is always allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_allowed?
    kind == :KIND_ALWAYS_ALLOWED
  end

  # Check if the specified action is always denied for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_denied?
    kind == :KIND_ALWAYS_DENIED
  end

  # Check if the specified action is conditionally allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def conditional?
    kind == :KIND_CONDITIONAL
  end
end

#request_id ⇒ String (readonly)

The identifier for tracing the request.

Returns:

• (String)

# File 'lib/cerbos/output/plan_resources.rb', line 8

PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
  # @!attribute [r] request_id
  #   The identifier for tracing the request.
  #
  #   @return [String]

  # @!attribute [r] kind
  #   The type of plan.
  #
  #   @return [:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL]

  # @!attribute [r] condition
  #   The root node of the query condition abstract syntax tree.
  #
  #   @return [Expression, Expression::Variable]
  #   @return [nil] if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.
  #
  #   @see #always_allowed?
  #   @see #always_denied?
  #   @see #conditional?

  # @!attribute [r] validation_errors
  #   Any schema validation errors for the principal or resource attributes.
  #
  #   @return [Array<ValidationError>]

  # @!attribute [r] metadata
  #   Additional information about the query plan.
  #
  #   @return [Metadata]
  #   @return [nil] if `include_metadata` was `false`.

  def self.from_protobuf(plan_resources)
    new(
      request_id: plan_resources.request_id,
      kind: plan_resources.filter.kind,
      condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
      validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
      metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
    )
  end

  # Check if the specified action is always allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_allowed?
    kind == :KIND_ALWAYS_ALLOWED
  end

  # Check if the specified action is always denied for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_denied?
    kind == :KIND_ALWAYS_DENIED
  end

  # Check if the specified action is conditionally allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def conditional?
    kind == :KIND_CONDITIONAL
  end
end

#validation_errors ⇒ Array<ValidationError> (readonly)

Any schema validation errors for the principal or resource attributes.

Returns:

• (Array<ValidationError>)

# File 'lib/cerbos/output/plan_resources.rb', line 8

PlanResources = Output.new_class(:request_id, :kind, :condition, :validation_errors, :metadata) do
  # @!attribute [r] request_id
  #   The identifier for tracing the request.
  #
  #   @return [String]

  # @!attribute [r] kind
  #   The type of plan.
  #
  #   @return [:KIND_ALWAYS_ALLOWED, :KIND_ALWAYS_DENIED, :KIND_CONDITIONAL]

  # @!attribute [r] condition
  #   The root node of the query condition abstract syntax tree.
  #
  #   @return [Expression, Expression::Variable]
  #   @return [nil] if the specified action is not conditional (is always allowed or denied) for the principal on resources matching the input.
  #
  #   @see #always_allowed?
  #   @see #always_denied?
  #   @see #conditional?

  # @!attribute [r] validation_errors
  #   Any schema validation errors for the principal or resource attributes.
  #
  #   @return [Array<ValidationError>]

  # @!attribute [r] metadata
  #   Additional information about the query plan.
  #
  #   @return [Metadata]
  #   @return [nil] if `include_metadata` was `false`.

  def self.from_protobuf(plan_resources)
    new(
      request_id: plan_resources.request_id,
      kind: plan_resources.filter.kind,
      condition: PlanResources::Expression::Operand.from_protobuf(plan_resources.filter.condition),
      validation_errors: (plan_resources.validation_errors || []).map { |validation_error| ValidationError.from_protobuf(validation_error) },
      metadata: PlanResources::Metadata.from_protobuf(plan_resources.meta)
    )
  end

  # Check if the specified action is always allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_allowed?
    kind == :KIND_ALWAYS_ALLOWED
  end

  # Check if the specified action is always denied for the principal on resources matching the input.
  #
  # @return [Boolean]
  def always_denied?
    kind == :KIND_ALWAYS_DENIED
  end

  # Check if the specified action is conditionally allowed for the principal on resources matching the input.
  #
  # @return [Boolean]
  def conditional?
    kind == :KIND_CONDITIONAL
  end
end

Instance Method Details

#always_allowed? ⇒ Boolean

Check if the specified action is always allowed for the principal on resources matching the input.

Returns:

• (Boolean)

# File 'lib/cerbos/output/plan_resources.rb', line 53

def always_allowed?
  kind == :KIND_ALWAYS_ALLOWED
end

#always_denied? ⇒ Boolean

Check if the specified action is always denied for the principal on resources matching the input.

Returns:

• (Boolean)

# File 'lib/cerbos/output/plan_resources.rb', line 60

def always_denied?
  kind == :KIND_ALWAYS_DENIED
end

#conditional? ⇒ Boolean

Check if the specified action is conditionally allowed for the principal on resources matching the input.

Returns:

• (Boolean)

# File 'lib/cerbos/output/plan_resources.rb', line 67

def conditional?
  kind == :KIND_CONDITIONAL
end