
Ruby Directory Client

Installation

Add to your application Gemfile:

gem "aserto"

And then execute:

bundle install

Or install it yourself as:

gem install aserto

Directory

The Directory APIs can be used to get or set object instances and relation instances. They can also be used to check whether a user has a permission or relation on an object instance.

Directory Client

You can initialize a directory client as follows:

require 'aserto/directory/client'

directory_client = Aserto::Directory::Client.new(
  url: "directory.prod.aserto.com:8443",
  tenant_id: "aserto-tenant-id",
  api_key: "basic directory api key",
)

  • url: hostname:port of directory service (required)
  • api_key: API key for directory service (required if using hosted directory)
  • tenant_id: Aserto tenant ID (required if using hosted directory)
  • cert_path: Path to the gRPC service certificate when connecting to a local Topaz instance.

Getting objects and relations

Get an object instance with the type type-name and the key object-key. For example:

user = directory_client.object(type: 'user', key: 'euang@acmecorp.com')

Get an array of relations of a certain type for an object instance. For example:

identity = 'euang@acmecorp.com'
relations = directory_client.relation(
  {
    subject: {
      type: 'user',
    },
    object: {
      type: 'identity',
      key: identity
    },
    relation: {
      name: 'identifier',
      # snake_case, matching the delete_relation and check_relation calls on this page
      object_type: 'identity'
    }
  }
)

Setting objects and relations

Create a new object

user = directory_client.set_object(object: { type: "user", key: "test-object", display_name: "test object" })
identity = directory_client.set_object(object: { type: "identity", key: "test-identity" })

Update an existing object

user = directory_client.set_object(object: { type: "user", key: "test-object", display_name: "test object" })
user.display_name = 'test object edit'
updated_user = directory_client.set_object(object: user)

Create a new relation

directory_client.set_relation(
  # The subject hash needs an explicit key: entry for the object key
  subject: { type: "user", key: "test-object" },
  relation: "identifier",
  object: { type: "identity", key: "test-identity" }
)

Delete a relation

pp directory_client.delete_relation(
  subject: { type: "user", key: "test-object" },
  relation: { name: "identifier", object_type: "identity" },
  object: { type: "identity", key: "test-identity" }
)

Checking permissions and relations

Check permission

directory_client.check_permission(
  subject: { type: "user", key: "011a88bc-7df9-4d92-ba1f-2ff319e101e1" },
  permission: { name: "read" },
  object: { type: "group", key: "executive" }
)

Check relation

directory_client.check_relation(
  subject: { type: "user", key: "dfdadc39-7335-404d-af66-c77cf13a15f8" },
  relation: { name: "identifier", object_type: "identity" },
  object: { type: "identity", key: "euang@acmecorp.com" }
)
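
Failing closed on permission checks

The check_permission call above, wrapped so that errors and unexpected results deny access (an added example, not part of the Aserto documentation or gem). DirectoryGuard and StubDirectoryClient are hypothetical names, and the return shape of check_permission (a boolean, or a response object with a boolean check field) is an assumption.

```ruby
# Added example: fail-closed wrapper around the directory permission check.
# Assumption: check_permission returns a boolean or a response object with a
# boolean `check` field; any other result is treated as a denial.
class DirectoryGuard
  Denied = Class.new(StandardError)

  def initialize(client, logger: nil)
    @client = client
    @logger = logger
  end

  # Returns true only on an explicit allow from the directory.
  def permitted?(user_key:, permission:, object_type:, object_key:)
    result = @client.check_permission(
      subject: { type: "user", key: user_key },
      permission: { name: permission },
      object: { type: object_type, key: object_key }
    )
    explicit_allow?(result)
  rescue StandardError => e
    # Transport errors, timeouts and rejected credentials all deny.
    @logger&.warn("directory check failed, denying: #{e.class}")
    false
  end

  # Raises Denied unless the check explicitly allows the action.
  def authorize!(**args)
    return true if permitted?(**args)
    raise Denied, "#{args[:permission]} on #{args[:object_type]}:#{args[:object_key]}"
  end

  private

  def explicit_allow?(result)
    return true if result == true
    result.respond_to?(:check) && result.check == true
  end
end

# Constructed stand-in for the directory client so the example runs offline.
class StubDirectoryClient
  def initialize(behaviour)
    @behaviour = behaviour
  end

  def check_permission(subject:, permission:, object:)
    @behaviour.call(subject, permission, object)
  end
end
```

In an application, pass the real directory_client to DirectoryGuard.new in place of the stub.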