oso-cloud 0.3.1 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +2 -2
- data/lib/oso/client.rb +61 -13
- data/lib/oso/version.rb +1 -1
- data/oso-cloud.gemspec +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f76c57bb36720bbfbd88a403db0e80304c1d29edd4ee24ffaf4a3e48ff34760f
|
|
4
|
+
data.tar.gz: bb077dcb1f83e4b376d302ecf91067aa0b06c466e9e6c4a39cfeea0851b553a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b0c91e6514431e826ac0729c15e008c5aed0a85a9eed6d4d60e59fb1b75919eac6a3199e5d30bc2a3e806a291e5c9421010ae6323dc37adfa56bcc0a82a38ab4
|
|
7
|
+
data.tar.gz: 6130fd8d01cc30f858dd8494d2fe73ff95c451796589728175dd25a29dced4b6f7ef21d889c870a260897c389b2c071dd12511d385c4093c80aaebbbed193e87
|
data/Gemfile.lock
CHANGED
data/lib/oso/client.rb
CHANGED
|
@@ -15,24 +15,73 @@ module Oso
|
|
|
15
15
|
POST('policy', { src: policy })
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize(actor, action, resource)
|
|
18
|
+
def authorize(actor, action, resource, context_facts = [])
|
|
19
19
|
actor_typed_id = extract_typed_id actor
|
|
20
20
|
resource_typed_id = extract_typed_id resource
|
|
21
21
|
result = POST('authorize', {
|
|
22
22
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
23
23
|
action: action,
|
|
24
|
-
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
|
|
24
|
+
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
|
|
25
|
+
context_facts: facts_to_params(context_facts)
|
|
25
26
|
})
|
|
26
27
|
allowed = result['allowed']
|
|
27
28
|
allowed
|
|
28
29
|
end
|
|
29
30
|
|
|
30
|
-
def
|
|
31
|
+
def authorize_resources(actor, action, resources, context_facts = [])
|
|
32
|
+
return [] if resources.nil?
|
|
33
|
+
return [] if resources.empty?
|
|
34
|
+
|
|
35
|
+
key = lambda do |type, id|
|
|
36
|
+
"#{type}:#{id}"
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
resources_extracted = resources.map { |r| extract_typed_id(r) }
|
|
40
|
+
actor_typed_id = extract_typed_id actor
|
|
41
|
+
result = POST('authorize_resources', {
|
|
42
|
+
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
43
|
+
action: action,
|
|
44
|
+
resources: resources_extracted,
|
|
45
|
+
context_facts: facts_to_params(context_facts)
|
|
46
|
+
})
|
|
47
|
+
|
|
48
|
+
return [] if result['results'].empty?
|
|
49
|
+
|
|
50
|
+
results_lookup = Hash.new
|
|
51
|
+
result['results'].each do |r|
|
|
52
|
+
k = key.call(r['type'], r['id'])
|
|
53
|
+
if results_lookup[k] == nil
|
|
54
|
+
results_lookup[k] = true
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
results = resources.select do |r|
|
|
59
|
+
e = extract_typed_id(r)
|
|
60
|
+
exists = results_lookup[key.call(e.type, e.id)]
|
|
61
|
+
exists
|
|
62
|
+
end
|
|
63
|
+
results
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
def list(actor, action, resource_type, context_facts = [])
|
|
31
67
|
actor_typed_id = extract_typed_id actor
|
|
32
68
|
result = POST('list', {
|
|
33
69
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
34
70
|
action: action,
|
|
35
71
|
resource_type: resource_type,
|
|
72
|
+
context_facts: facts_to_params(context_facts)
|
|
73
|
+
})
|
|
74
|
+
results = result['results']
|
|
75
|
+
results
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def actions(actor, resource, context_facts = [])
|
|
79
|
+
actor_typed_id = extract_typed_id actor
|
|
80
|
+
resource_typed_id = extract_typed_id resource
|
|
81
|
+
result = POST('actions', {
|
|
82
|
+
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
83
|
+
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
|
|
84
|
+
context_facts: facts_to_params(context_facts)
|
|
36
85
|
})
|
|
37
86
|
results = result['results']
|
|
38
87
|
results
|
|
@@ -44,11 +93,7 @@ module Oso
|
|
|
44
93
|
end
|
|
45
94
|
|
|
46
95
|
def bulk_tell(facts)
|
|
47
|
-
|
|
48
|
-
typed_args = args.map { |a| extract_typed_id a}
|
|
49
|
-
{ predicate: predicate, args: typed_args }
|
|
50
|
-
}
|
|
51
|
-
POST('bulk_load', params)
|
|
96
|
+
POST('bulk_load', facts_to_params(facts))
|
|
52
97
|
end
|
|
53
98
|
|
|
54
99
|
def delete(predicate, *args)
|
|
@@ -57,11 +102,7 @@ module Oso
|
|
|
57
102
|
end
|
|
58
103
|
|
|
59
104
|
def bulk_delete(facts)
|
|
60
|
-
|
|
61
|
-
typed_args = args.map { |a| extract_typed_id a}
|
|
62
|
-
{ predicate: predicate, args: typed_args }
|
|
63
|
-
}
|
|
64
|
-
POST('bulk_delete', params)
|
|
105
|
+
POST('bulk_delete', facts_to_params(facts))
|
|
65
106
|
end
|
|
66
107
|
|
|
67
108
|
def get(predicate, *args)
|
|
@@ -141,6 +182,13 @@ module Oso
|
|
|
141
182
|
extract_typed_id(x)
|
|
142
183
|
end
|
|
143
184
|
|
|
185
|
+
def facts_to_params(facts)
|
|
186
|
+
facts.map { |predicate, *args|
|
|
187
|
+
typed_args = args.map { |a| extract_typed_id a}
|
|
188
|
+
{ predicate: predicate, args: typed_args }
|
|
189
|
+
}
|
|
190
|
+
end
|
|
191
|
+
|
|
144
192
|
TypedId = Struct.new(:type, :id, keyword_init: true) do
|
|
145
193
|
def to_json(*args)
|
|
146
194
|
to_h.to_json(*args)
|
data/lib/oso/version.rb
CHANGED
data/oso-cloud.gemspec
CHANGED
|
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
|
|
|
8
8
|
spec.summary = 'Oso authorization library.'
|
|
9
9
|
spec.homepage = 'https://www.osohq.com/'
|
|
10
10
|
|
|
11
|
-
spec.required_ruby_version = Gem::Requirement.new('>= 2.
|
|
11
|
+
spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
|
|
12
12
|
|
|
13
13
|
# Specify which files should be added to the gem when it is released.
|
|
14
14
|
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|
|
@@ -52,7 +52,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
52
52
|
requirements:
|
|
53
53
|
- - ">="
|
|
54
54
|
- !ruby/object:Gem::Version
|
|
55
|
-
version: 2.
|
|
55
|
+
version: 2.7.0
|
|
56
56
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
57
57
|
requirements:
|
|
58
58
|
- - ">="
|