RubyGems - oso-cloud - Versions diffs - 0.2.0 → 0.4.0 - Mend

oso-cloud 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f79239f03cdcaddbb6a8c9800b4c83a5d28b4acccd3cae2875a9585306c1531e
-  data.tar.gz: 59764d372207e4beda482bddf6f4489573a640d61ba9d064d2644931ffe6dde0
+  metadata.gz: ae0bc3e70a6d9ea8aeb9f6f02af64afa1ca65099ea036d75d2a611bed86e3f83
+  data.tar.gz: d46f670990a2ffff708c3a72d54f9bed2da6602e8699d3ffab3108d18750851a
 SHA512:
-  metadata.gz: f68bf249055cf164b296a945a3149e0b4328f6da4843105b9455c9e864dd87d7b25374cb8cc2d3c76f971368b9944bd72784e15f36564ba5f9ed89ca538f955e
-  data.tar.gz: be9850f671f35bc24f64061b9975e92aba2c66d5c6ce9c4b33bbf2027c4e4cba7b7e62bef2f82d1057b1ed15763022d51d32d8200397629050145e271520bc45
+  metadata.gz: 118581772825e045e4f1237a43d8d8077fef30c2f8118d9886ab5d3bbfdbdfa1de383216b2426520a0aee0e0b61239a0153c177cac48de874b4832fac87b50a3
+  data.tar.gz: 6a66ab888f95a43e64ae69e3d8e9c378077da17d5dd580185b25b77371c532bb2ec169df9cdd6781cf0f43b11a68ded664d26ed9efff0d877f9019e75967a2aa

data/.gitignore CHANGED Viewed

@@ -1,3 +1,2 @@
-Gemfile.lock
 .bundle
 vendor

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,21 @@
+PATH
+  remote: .
+  specs:
+    oso-cloud (0.4.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    minitest (5.15.0)
+    rake (12.3.3)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  minitest (~> 5.15)
+  oso-cloud!
+  rake (~> 12.0)
+BUNDLED WITH
+   2.3.13

data/Rakefile CHANGED Viewed

@@ -1,2 +1,9 @@
-require "bundler/gem_tasks"
-task :default => :spec
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+desc "Run tests"
+task :default => :test

data/lib/oso/client.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'json'
-require 'logger'
 require 'net/http'
 require 'uri'
@@ -7,103 +6,117 @@ require 'oso/version'
 module Oso
   class Client
-    def initialize(url: 'https://cloud.osohq.com', api_key: nil, logger: nil)
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil)
       @url = url
       @api_key = api_key
-      @logger = logger || Logger.new(STDOUT)
-      # TODO: why does this need to be configurable?
-      # @to_type_and_id = method(default_to_type_and_id)
+    end
+    def policy(policy)
+      POST('policy', { src: policy })
     end
     def authorize(actor, action, resource)
-      actor_type, actor_id = default_to_type_and_id actor
-      resource_type, resource_id = default_to_type_and_id resource
-      result = post('authorize', {
-                      actor_type: actor_type, actor_id: actor_id,
-                      action: action,
-                      resource_type: resource_type, resource_id: resource_id
-                    })
+      actor_typed_id = extract_typed_id actor
+      resource_typed_id = extract_typed_id resource
+      result = POST('authorize', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
+      })
       allowed = result['allowed']
-      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource}) => ALLOWED? =  #{allowed ? 'true' : 'false'} " }
       allowed
     end
     def list(actor, action, resource_type)
-      actor_type, actor_id = default_to_type_and_id actor
-      result = post('list',
-                    {
-                      actor_type: actor_type, actor_id: actor_id,
-                      action: action,
-                      resource_type: resource_type
-                    })
+      actor_typed_id = extract_typed_id actor
+      result = POST('list', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_type,
+      })
       results = result['results']
-      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource_type}). RESULTS: #{results}" }
       results
     end
-    def add_role(actor, role_name, resource)
-      add_role_or_relation('role', resource, role_name, actor)
+    def tell(predicate, *args)
+      typed_args = args.map { |a| extract_typed_id a}
+      POST('facts', { predicate: predicate, args: typed_args })
     end
-    def delete_role(actor, role_name, resource)
-      delete_role_or_relation('role', resource, role_name, actor)
+    def bulk_tell(facts)
+      params = facts.map { |predicate, *args|
+        typed_args = args.map { |a| extract_typed_id a}
+        { predicate: predicate, args: typed_args }
+      }
+      POST('bulk_load', params)
     end
-    def add_relation(subject, name, object)
-      add_role_or_relation('relation', subject, name, object)
+    def delete(predicate, *args)
+      typed_args = args.map { |a| extract_typed_id a}
+      DELETE('facts', { predicate: predicate, args: typed_args })
     end
-    def delete_relation(subject, name, object)
-      delete_role_or_relation('relation', subject, name, object)
+    def bulk_delete(facts)
+      params = facts.map { |predicate, *args|
+        typed_args = args.map { |a| extract_typed_id a}
+        { predicate: predicate, args: typed_args }
+      }
+      POST('bulk_delete', params)
     end
-    def get_roles(resource: nil, role: nil, actor: nil)
-      params = {}
-      unless actor.nil?
-        actor_type, actor_id = default_to_type_and_id actor
-        params[:actor_type] = actor_type
-        params[:actor_id] = actor_id
-      end
-      unless resource.nil?
-        resource_type, resource_id = default_to_type_and_id resource
-        params[:resource_type] = resource_type
-        params[:resource_id] = resource_id
+    def get(predicate, *args)
+      params = {predicate: predicate}
+      args.each_with_index do |arg, i|
+        typed_id = extract_arg_query(arg)
+        if typed_id
+          params["args.#{i}.type"] = typed_id.type
+          params["args.#{i}.id"] = typed_id.id
+        end
       end
-      params[:role] = role unless role.nil?
-      get('roles')
+      GET('facts', params)
     end
     private
-    def auth()
-      {"Authorization" => "Basic %s" % @api_key}
+    def headers()
+      {
+        "Authorization" => "Basic %s" % @api_key,
+        "User-Agent" => "Oso Cloud (ruby)",
+        "Accept": "application/json",
+        "Content-Type": "application/json"
+      }
     end
-    def get(path)
-      result = Net::HTTP.get(URI("#{@url}/api/#{path}"), auth)
-      handle_result result
-    end
-    def post(path, params)
-      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, auth)
+    def GET(path, params)
+      uri = URI("#{@url}/api/#{path}")
+      uri.query = URI::encode_www_form(params)
+      use_ssl = (uri.scheme == 'https')
+      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
+        http.request(Net::HTTP::Get.new(uri, headers)) {|r|
+          r.read_body
+        }
+      }
       handle_result result
     end
-    def delete(path, params)
-      result = Net::HTTP.delete(URI("#{@url}/api/#{path}"), params.to_json, auth)
+    def POST(path, params)
+      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, headers)
       handle_result result
     end
-    # TODO: why does this need to be configurable?
-    def default_to_type_and_id(obj)
-      if obj.nil?
-        %w[null null]
-      else
-        [obj.class.to_s, obj.id.to_s]
-      end
+    def DELETE(path, params)
+      uri = URI("#{@url}/api/#{path}")
+      use_ssl = (uri.scheme == 'https')
+      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
+        http.request(Net::HTTP::Delete.new(uri, headers), params.to_json) {|r|
+          r.read_body
+        }
+      }
+      handle_result result
     end
     def handle_result(result)
@@ -111,32 +124,27 @@ module Oso
         raise "Got an unexpected error from Oso Service: #{result.code}\n#{result.body}"
       end
-      # TODO: Always JSON?
       JSON.parse(result.body)
     end
-    def to_params(role_or_relation, from, name, to)
-      from_type, from_id = default_to_type_and_id from
-      to_type, to_id = default_to_type_and_id to
+    def extract_typed_id(x)
+      return TypedId.new(type: "String", id: x) if x.is_a? String
-      from_name = role_or_relation == 'role' ? 'resource' : 'from'
-      to_name = role_or_relation == 'role' ? 'actor' : 'to'
+      raise "#{x} does not have an 'id' field" unless x.respond_to? :id
+      raise "Invalid 'id' field on #{x}: #{x.id}" if x.id.nil?
-      {
-        "#{from_name}_id" => from_id,
-        "#{from_name}_type" => from_type,
-        role_or_relation.to_s => name,
-        "#{to_name}_id" => to_id,
-        "#{to_name}_type" => to_type
-      }
+      TypedId.new(type: x.class.name, id: x.id.to_s)
     end
-    def add_role_or_relation(role_or_relation, from, name, to)
-      post("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    def extract_arg_query(x)
+      return nil if x.nil?
+      extract_typed_id(x)
     end
-    def delete_role_or_relation(role_or_relation, from, name, to)
-      delete("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    TypedId = Struct.new(:type, :id, keyword_init: true) do
+      def to_json(*args)
+        to_h.to_json(*args)
+      end
     end
   end
 end

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Oso
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.4.0'.freeze
 end

data/oso-cloud.gemspec CHANGED Viewed

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.summary       = 'Oso authorization library.'
   spec.homepage      = 'https://www.osohq.com/'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -18,4 +18,6 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.add_development_dependency 'minitest', '~> 5.15'
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-04-01 00:00:00.000000000 Z
-dependencies: []
+date: 2022-05-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
 description:
 email:
 - support@osohq.com
@@ -19,6 +33,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Gemfile.lock
 - README.md
 - Rakefile
 - bin/console
@@ -37,14 +52,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Oso authorization library.