RubyGems - oso-cloud - Versions diffs - 0.2.0 → 0.4.0 - Mend

oso-cloud 0.2.0 → 0.4.0

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f79239f03cdcaddbb6a8c9800b4c83a5d28b4acccd3cae2875a9585306c1531e
-  data.tar.gz: 59764d372207e4beda482bddf6f4489573a640d61ba9d064d2644931ffe6dde0
+  metadata.gz: ae0bc3e70a6d9ea8aeb9f6f02af64afa1ca65099ea036d75d2a611bed86e3f83
+  data.tar.gz: d46f670990a2ffff708c3a72d54f9bed2da6602e8699d3ffab3108d18750851a
 SHA512:
-  metadata.gz: f68bf249055cf164b296a945a3149e0b4328f6da4843105b9455c9e864dd87d7b25374cb8cc2d3c76f971368b9944bd72784e15f36564ba5f9ed89ca538f955e
-  data.tar.gz: be9850f671f35bc24f64061b9975e92aba2c66d5c6ce9c4b33bbf2027c4e4cba7b7e62bef2f82d1057b1ed15763022d51d32d8200397629050145e271520bc45
+  metadata.gz: 118581772825e045e4f1237a43d8d8077fef30c2f8118d9886ab5d3bbfdbdfa1de383216b2426520a0aee0e0b61239a0153c177cac48de874b4832fac87b50a3
+  data.tar.gz: 6a66ab888f95a43e64ae69e3d8e9c378077da17d5dd580185b25b77371c532bb2ec169df9cdd6781cf0f43b11a68ded664d26ed9efff0d877f9019e75967a2aa

data/.gitignore CHANGED Viewed

@@ -1,3 +1,2 @@
-Gemfile.lock
 .bundle
 vendor

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,21 @@
+PATH
+  remote: .
+  specs:
+    oso-cloud (0.4.0)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    minitest (5.15.0)
+    rake (12.3.3)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  minitest (~> 5.15)
+  oso-cloud!
+  rake (~> 12.0)
+BUNDLED WITH
+   2.3.13

data/Rakefile CHANGED Viewed

@@ -1,2 +1,9 @@
-require "bundler/gem_tasks"
-task :default => :spec
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+desc "Run tests"
+task :default => :test

data/lib/oso/client.rb CHANGED Viewed

@@ -1,5 +1,4 @@
 require 'json'
-require 'logger'
 require 'net/http'
 require 'uri'
@@ -7,103 +6,117 @@ require 'oso/version'
 module Oso
   class Client
-    def initialize(url: 'https://cloud.osohq.com', api_key: nil, logger: nil)
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil)
       @url = url
       @api_key = api_key
-      @logger = logger || Logger.new(STDOUT)
-      # TODO: why does this need to be configurable?
-      # @to_type_and_id = method(default_to_type_and_id)
+    end
+    def policy(policy)
+      POST('policy', { src: policy })
     end
     def authorize(actor, action, resource)
-      actor_type, actor_id = default_to_type_and_id actor
-      resource_type, resource_id = default_to_type_and_id resource
-      result = post('authorize', {
-                      actor_type: actor_type, actor_id: actor_id,
-                      action: action,
-                      resource_type: resource_type, resource_id: resource_id
-                    })
+      actor_typed_id = extract_typed_id actor
+      resource_typed_id = extract_typed_id resource
+      result = POST('authorize', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
+      })
       allowed = result['allowed']
-      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource}) => ALLOWED? =  #{allowed ? 'true' : 'false'} " }
       allowed
     end
     def list(actor, action, resource_type)
-      actor_type, actor_id = default_to_type_and_id actor
-      result = post('list',
-                    {
-                      actor_type: actor_type, actor_id: actor_id,
-                      action: action,
-                      resource_type: resource_type
-                    })
+      actor_typed_id = extract_typed_id actor
+      result = POST('list', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resource_type: resource_type,
+      })
       results = result['results']
-      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource_type}). RESULTS: #{results}" }
       results
     end
-    def add_role(actor, role_name, resource)
-      add_role_or_relation('role', resource, role_name, actor)
+    def tell(predicate, *args)
+      typed_args = args.map { |a| extract_typed_id a}
+      POST('facts', { predicate: predicate, args: typed_args })
     end
-    def delete_role(actor, role_name, resource)
-      delete_role_or_relation('role', resource, role_name, actor)
+    def bulk_tell(facts)
+      params = facts.map { |predicate, *args|
+        typed_args = args.map { |a| extract_typed_id a}
+        { predicate: predicate, args: typed_args }
+      }
+      POST('bulk_load', params)
     end
-    def add_relation(subject, name, object)
-      add_role_or_relation('relation', subject, name, object)
+    def delete(predicate, *args)
+      typed_args = args.map { |a| extract_typed_id a}
+      DELETE('facts', { predicate: predicate, args: typed_args })
     end
-    def delete_relation(subject, name, object)
-      delete_role_or_relation('relation', subject, name, object)
+    def bulk_delete(facts)
+      params = facts.map { |predicate, *args|
+        typed_args = args.map { |a| extract_typed_id a}
+        { predicate: predicate, args: typed_args }
+      }
+      POST('bulk_delete', params)
     end
-    def get_roles(resource: nil, role: nil, actor: nil)
-      params = {}
-      unless actor.nil?
-        actor_type, actor_id = default_to_type_and_id actor
-        params[:actor_type] = actor_type
-        params[:actor_id] = actor_id
-      end
-      unless resource.nil?
-        resource_type, resource_id = default_to_type_and_id resource
-        params[:resource_type] = resource_type
-        params[:resource_id] = resource_id
+    def get(predicate, *args)
+      params = {predicate: predicate}
+      args.each_with_index do |arg, i|
+        typed_id = extract_arg_query(arg)
+        if typed_id
+          params["args.#{i}.type"] = typed_id.type
+          params["args.#{i}.id"] = typed_id.id
+        end
       end
-      params[:role] = role unless role.nil?
-      get('roles')
+      GET('facts', params)
     end
     private
-    def auth()
-      {"Authorization" => "Basic %s" % @api_key}
+    def headers()
+      {
+        "Authorization" => "Basic %s" % @api_key,
+        "User-Agent" => "Oso Cloud (ruby)",
+        "Accept": "application/json",
+        "Content-Type": "application/json"
+      }
     end
-    def get(path)
-      result = Net::HTTP.get(URI("#{@url}/api/#{path}"), auth)
-      handle_result result
-    end
-    def post(path, params)
-      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, auth)
+    def GET(path, params)
+      uri = URI("#{@url}/api/#{path}")
+      uri.query = URI::encode_www_form(params)
+      use_ssl = (uri.scheme == 'https')
+      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
+        http.request(Net::HTTP::Get.new(uri, headers)) {|r|
+          r.read_body
+        }
+      }
       handle_result result
     end
-    def delete(path, params)
-      result = Net::HTTP.delete(URI("#{@url}/api/#{path}"), params.to_json, auth)
+    def POST(path, params)
+      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, headers)
       handle_result result
     end
-    # TODO: why does this need to be configurable?
-    def default_to_type_and_id(obj)
-      if obj.nil?
-        %w[null null]
-      else
-        [obj.class.to_s, obj.id.to_s]
-      end
+    def DELETE(path, params)
+      uri = URI("#{@url}/api/#{path}")
+      use_ssl = (uri.scheme == 'https')
+      result = Net::HTTP.start(uri.hostname, uri.port, use_ssl: use_ssl ) { |http|
+        http.request(Net::HTTP::Delete.new(uri, headers), params.to_json) {|r|
+          r.read_body
+        }
+      }
+      handle_result result
     end
     def handle_result(result)
@@ -111,32 +124,27 @@ module Oso
         raise "Got an unexpected error from Oso Service: #{result.code}\n#{result.body}"
       end
-      # TODO: Always JSON?
       JSON.parse(result.body)
     end
-    def to_params(role_or_relation, from, name, to)
-      from_type, from_id = default_to_type_and_id from
-      to_type, to_id = default_to_type_and_id to
+    def extract_typed_id(x)
+      return TypedId.new(type: "String", id: x) if x.is_a? String
-      from_name = role_or_relation == 'role' ? 'resource' : 'from'
-      to_name = role_or_relation == 'role' ? 'actor' : 'to'
+      raise "#{x} does not have an 'id' field" unless x.respond_to? :id
+      raise "Invalid 'id' field on #{x}: #{x.id}" if x.id.nil?
-      {
-        "#{from_name}_id" => from_id,
-        "#{from_name}_type" => from_type,
-        role_or_relation.to_s => name,
-        "#{to_name}_id" => to_id,
-        "#{to_name}_type" => to_type
-      }
+      TypedId.new(type: x.class.name, id: x.id.to_s)
     end
-    def add_role_or_relation(role_or_relation, from, name, to)
-      post("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    def extract_arg_query(x)
+      return nil if x.nil?
+      extract_typed_id(x)
     end
-    def delete_role_or_relation(role_or_relation, from, name, to)
-      delete("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    TypedId = Struct.new(:type, :id, keyword_init: true) do
+      def to_json(*args)
+        to_h.to_json(*args)
+      end
     end
   end
 end

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Oso
-  VERSION = '0.2.0'.freeze
+  VERSION = '0.4.0'.freeze
 end

data/oso-cloud.gemspec CHANGED Viewed

@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
   spec.summary       = 'Oso authorization library.'
   spec.homepage      = 'https://www.osohq.com/'
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -18,4 +18,6 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
+  spec.add_development_dependency 'minitest', '~> 5.15'
 end

metadata CHANGED Viewed

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-04-01 00:00:00.000000000 Z
-dependencies: []
+date: 2022-05-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.15'
 description:
 email:
 - support@osohq.com
@@ -19,6 +33,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - Gemfile
+- Gemfile.lock
 - README.md
 - Rakefile
 - bin/console
@@ -37,14 +52,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Oso authorization library.