oso-cloud 0.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: f79239f03cdcaddbb6a8c9800b4c83a5d28b4acccd3cae2875a9585306c1531e
+  data.tar.gz: 59764d372207e4beda482bddf6f4489573a640d61ba9d064d2644931ffe6dde0
+SHA512:
+  metadata.gz: f68bf249055cf164b296a945a3149e0b4328f6da4843105b9455c9e864dd87d7b25374cb8cc2d3c76f971368b9944bd72784e15f36564ba5f9ed89ca538f955e
+  data.tar.gz: be9850f671f35bc24f64061b9975e92aba2c66d5c6ce9c4b33bbf2027c4e4cba7b7e62bef2f82d1057b1ed15763022d51d32d8200397629050145e271520bc45

data/.gitignore

@@ -0,0 +1,3 @@
+Gemfile.lock
+.bundle
+vendor

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in oso-cloud.gemspec
+gemspec
+
+gem "rake", "~> 12.0"

data/README.md

@@ -0,0 +1,25 @@
+# Oso::Client
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/oso/client`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'oso-cloud'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install oso-cloud
+
+## Usage
+
+TODO: Write usage instructions here

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "oso/client"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/oso/client.rb

@@ -0,0 +1,142 @@
+require 'json'
+require 'logger'
+require 'net/http'
+require 'uri'
+
+require 'oso/version'
+
+module Oso
+  class Client
+    def initialize(url: 'https://cloud.osohq.com', api_key: nil, logger: nil)
+      @url = url
+      @api_key = api_key
+      @logger = logger || Logger.new(STDOUT)
+      # TODO: why does this need to be configurable?
+      # @to_type_and_id = method(default_to_type_and_id)
+    end
+
+    def authorize(actor, action, resource)
+      actor_type, actor_id = default_to_type_and_id actor
+      resource_type, resource_id = default_to_type_and_id resource
+      result = post('authorize', {
+                      actor_type: actor_type, actor_id: actor_id,
+                      action: action,
+                      resource_type: resource_type, resource_id: resource_id
+                    })
+      allowed = result['allowed']
+      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource}) => ALLOWED? =  #{allowed ? 'true' : 'false'} " }
+
+      allowed
+    end
+
+    def list(actor, action, resource_type)
+      actor_type, actor_id = default_to_type_and_id actor
+      result = post('list',
+                    {
+                      actor_type: actor_type, actor_id: actor_id,
+                      action: action,
+                      resource_type: resource_type
+                    })
+      results = result['results']
+      @logger.debug { "AUTHORIZING (#{actor}, #{action}, #{resource_type}). RESULTS: #{results}" }
+
+      results
+    end
+
+    def add_role(actor, role_name, resource)
+      add_role_or_relation('role', resource, role_name, actor)
+    end
+
+    def delete_role(actor, role_name, resource)
+      delete_role_or_relation('role', resource, role_name, actor)
+    end
+
+    def add_relation(subject, name, object)
+      add_role_or_relation('relation', subject, name, object)
+    end
+
+    def delete_relation(subject, name, object)
+      delete_role_or_relation('relation', subject, name, object)
+    end
+
+    def get_roles(resource: nil, role: nil, actor: nil)
+      params = {}
+      unless actor.nil?
+        actor_type, actor_id = default_to_type_and_id actor
+        params[:actor_type] = actor_type
+        params[:actor_id] = actor_id
+      end
+      unless resource.nil?
+        resource_type, resource_id = default_to_type_and_id resource
+        params[:resource_type] = resource_type
+        params[:resource_id] = resource_id
+      end
+      params[:role] = role unless role.nil?
+
+      get('roles')
+    end
+
+    private
+
+    def auth()
+      {"Authorization" => "Basic %s" % @api_key}
+    end
+
+    def get(path)
+      result = Net::HTTP.get(URI("#{@url}/api/#{path}"), auth)
+      handle_result result
+    end
+
+    def post(path, params)
+      result = Net::HTTP.post(URI("#{@url}/api/#{path}"), params.to_json, auth)
+      handle_result result
+    end
+
+    def delete(path, params)
+      result = Net::HTTP.delete(URI("#{@url}/api/#{path}"), params.to_json, auth)
+      handle_result result
+    end
+
+    # TODO: why does this need to be configurable?
+    def default_to_type_and_id(obj)
+      if obj.nil?
+        %w[null null]
+      else
+        [obj.class.to_s, obj.id.to_s]
+      end
+    end
+
+    def handle_result(result)
+      unless result.is_a?(Net::HTTPSuccess)
+        raise "Got an unexpected error from Oso Service: #{result.code}\n#{result.body}"
+      end
+
+      # TODO: Always JSON?
+      JSON.parse(result.body)
+    end
+
+    def to_params(role_or_relation, from, name, to)
+      from_type, from_id = default_to_type_and_id from
+      to_type, to_id = default_to_type_and_id to
+
+      from_name = role_or_relation == 'role' ? 'resource' : 'from'
+      to_name = role_or_relation == 'role' ? 'actor' : 'to'
+
+      {
+        "#{from_name}_id" => from_id,
+        "#{from_name}_type" => from_type,
+        role_or_relation.to_s => name,
+        "#{to_name}_id" => to_id,
+        "#{to_name}_type" => to_type
+      }
+    end
+
+    def add_role_or_relation(role_or_relation, from, name, to)
+      post("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    end
+
+    def delete_role_or_relation(role_or_relation, from, name, to)
+      delete("#{role_or_relation}s", to_params(role_or_relation, from, name, to))
+    end
+  end
+end

data/lib/oso/version.rb

@@ -0,0 +1,3 @@
+module Oso
+  VERSION = '0.2.0'.freeze
+end

data/oso-cloud.gemspec

@@ -0,0 +1,21 @@
+require_relative 'lib/oso/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'oso-cloud'
+  spec.version       = Oso::VERSION
+  spec.authors       = ['Oso Security, Inc.']
+  spec.email         = ['support@osohq.com']
+  spec.summary       = 'Oso authorization library.'
+  spec.homepage      = 'https://www.osohq.com/'
+
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+end

metadata

@@ -0,0 +1,51 @@
+--- !ruby/object:Gem::Specification
+name: oso-cloud
+version: !ruby/object:Gem::Version
+  version: 0.2.0
+platform: ruby
+authors:
+- Oso Security, Inc.
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2022-04-01 00:00:00.000000000 Z
+dependencies: []
+description: 
+email:
+- support@osohq.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/oso/client.rb
+- lib/oso/version.rb
+- oso-cloud.gemspec
+homepage: https://www.osohq.com/
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Oso authorization library.
+test_files: []