Cerbos Ruby SDK

 

Cerbos helps you super-charge your authorization implementation by writing context-aware access control policies for your application resources. Author access rules using an intuitive YAML configuration language, use your Git-ops infrastructure to test and deploy them, and make simple API requests to the Cerbos policy decision point (PDP) server to evaluate the policies and make dynamic access decisions.

The Cerbos Ruby SDK makes it easy to interact with the Cerbos PDP and Cerbos Hub from your Ruby applications.

Prerequisites

• Cerbos 0.16+
• Ruby 3.2+

Installation

Install the gem and add it to your application's Gemfile by running

$ bundle add cerbos

If you're not using Bundler to manage dependencies, install the gem by running

$ gem install cerbos

Example usage

Cerbos PDP

require "cerbos"

client = Cerbos::Client.new("localhost:3593", tls: false)

decision = client.check_resource(
  principal: {
    id: "user@example.com",
    roles: ["USER"],
  },
  resource: {
    kind: "document",
    id: "1",
    attr: {
      owner: "author@example.com"
    }
  },
  actions: ["view", "edit"]
)

decision.allow?("view") # => true
decision.allow?("edit") # => false

For more details, see the Cerbos::Client documentation.

Cerbos Hub policy stores

require "cerbos"

client = Cerbos::Hub::Stores::Client.new(
  client_id: ENV.fetch("CERBOS_HUB_CLIENT_ID"),
  client_secret: ENV.fetch("CERBOS_HUB_CLIENT_SECRET")
)

response = client.modify_files(
  store_id: ENV.fetch("CERBOS_HUB_STORE_ID"),
  operations: [
    {add_or_update: {path: "foo.yaml", contents: File.binread("path/to/foo.yaml")}},
    {delete: "bar.yaml"}
  ]
)

puts response.new_store_version

For more details, see the Cerbos::Hub::Stores::Client documentation.

Further reading

• API reference
• Cerbos documentation
• Cerbos Hub documentation

Get help

• Join the Cerbos community on Slack
• Email us at help@cerbos.dev