oso-cloud 0.3.1 → 0.6.0

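--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f782a7cb7f39a37115f0a16e229d69b09f44d91a26228c3673dcd590b2395183
- data.tar.gz: 3e396a943707635a5ce4659bdb39b283e20cd1f06fb7b2bb7dc008fd2cea01ae
+ metadata.gz: f76c57bb36720bbfbd88a403db0e80304c1d29edd4ee24ffaf4a3e48ff34760f
+ data.tar.gz: bb077dcb1f83e4b376d302ecf91067aa0b06c466e9e6c4a39cfeea0851b553a5
  SHA512:
- metadata.gz: 8af7ceabb0bb8c434e5dc8dc378d40b3dcb08a6a4f17f464538f21f026349d9dcef3a28f79176dd893543f1be1e6e5560c0892ba8d2b73953b990c0d078a418b
- data.tar.gz: 2c87cb55cceedfde35f917e78882b02da50dade1bb1565fffa1648eb276754170a6ea79716828e21b6d345ec857f6f89d785df38a7513f8173acd4900a3215aa
+ metadata.gz: b0c91e6514431e826ac0729c15e008c5aed0a85a9eed6d4d60e59fb1b75919eac6a3199e5d30bc2a3e806a291e5c9421010ae6323dc37adfa56bcc0a82a38ab4
+ data.tar.gz: 6130fd8d01cc30f858dd8494d2fe73ff95c451796589728175dd25a29dced4b6f7ef21d889c870a260897c389b2c071dd12511d385c4093c80aaebbbed193e87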
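--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-cloud (0.3.1)
+ oso-cloud (0.6.0)
 
  GEM
  remote: https://rubygems.org/
@@ -18,4 +18,4 @@ DEPENDENCIES
  rake (~> 12.0)
 
  BUNDLED WITH
- 2.1.4
+ 2.3.13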
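--- a/data/lib/oso/client.rb
+++ b/data/lib/oso/client.rb
@@ -15,24 +15,73 @@ module Oso
  POST('policy', { src: policy })
  end
 
- def authorize(actor, action, resource)
+ def authorize(actor, action, resource, context_facts = [])
  actor_typed_id = extract_typed_id actor
  resource_typed_id = extract_typed_id resource
  result = POST('authorize', {
  actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
  action: action,
- resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
+ resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+ context_facts: facts_to_params(context_facts)
  })
  allowed = result['allowed']
  allowed
  end
 
- def list(actor, action, resource_type)
+ def authorize_resources(actor, action, resources, context_facts = [])
+ return [] if resources.nil?
+ return [] if resources.empty?
+
+ key = lambda do |type, id|
+ "#{type}:#{id}"
+ end
+
+ resources_extracted = resources.map { |r| extract_typed_id(r) }
+ actor_typed_id = extract_typed_id actor
+ result = POST('authorize_resources', {
+ actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+ action: action,
+ resources: resources_extracted,
+ context_facts: facts_to_params(context_facts)
+ })
+
+ return [] if result['results'].empty?
+
+ results_lookup = Hash.new
+ result['results'].each do |r|
+ k = key.call(r['type'], r['id'])
+ if results_lookup[k] == nil
+ results_lookup[k] = true
+ end
+ end
+
+ results = resources.select do |r|
+ e = extract_typed_id(r)
+ exists = results_lookup[key.call(e.type, e.id)]
+ exists
+ end
+ results
+ end
+
+ def list(actor, action, resource_type, context_facts = [])
  actor_typed_id = extract_typed_id actor
  result = POST('list', {
  actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
  action: action,
  resource_type: resource_type,
+ context_facts: facts_to_params(context_facts)
+ })
+ results = result['results']
+ results
+ end
+
+ def actions(actor, resource, context_facts = [])
+ actor_typed_id = extract_typed_id actor
+ resource_typed_id = extract_typed_id resource
+ result = POST('actions', {
+ actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+ resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+ context_facts: facts_to_params(context_facts)
  })
  results = result['results']
  results
@@ -44,11 +93,7 @@ module Oso
  end
 
  def bulk_tell(facts)
- params = facts.map { |predicate, *args|
- typed_args = args.map { |a| extract_typed_id a}
- { predicate: predicate, args: typed_args }
- }
- POST('bulk_load', params)
+ POST('bulk_load', facts_to_params(facts))
  end
 
  def delete(predicate, *args)
@@ -57,11 +102,7 @@ module Oso
  end
 
  def bulk_delete(facts)
- params = facts.map { |predicate, *args|
- typed_args = args.map { |a| extract_typed_id a}
- { predicate: predicate, args: typed_args }
- }
- POST('bulk_delete', params)
+ POST('bulk_delete', facts_to_params(facts))
  end
 
  def get(predicate, *args)
@@ -141,6 +182,13 @@ module Oso
  extract_typed_id(x)
  end
 
+ def facts_to_params(facts)
+ facts.map { |predicate, *args|
+ typed_args = args.map { |a| extract_typed_id a}
+ { predicate: predicate, args: typed_args }
+ }
+ end
+
  TypedId = Struct.new(:type, :id, keyword_init: true) do
  def to_json(*args)
  to_h.to_json(*args)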
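Review bot: The lookup key in the new `authorize_resources` is built as `"#{type}:#{id}"`, which is ambiguous when a type or id itself contains a colon, so two distinct resources can share one key. Because the final `select` returns every input resource whose key appears in the server's results, a collision would let a resource the server did not authorize come back as allowed. Whether types or ids can actually contain `:` depends on `extract_typed_id`, which is outside this hunk, but namespaced Ruby class names do contain `::`, so this is worth ruling out. A structured key removes the ambiguity while keeping the string coercion the interpolation did implicitly: `key = ->(type, id) { [type.to_s, id.to_s] }`. A comment on the method such as `# Returns the subset of +resources+ the server reports as authorized; raises if the response has no 'results'` would also document the fail-closed behaviour of `result['results'].empty?`.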
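--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,3 +1,3 @@
  module Oso
- VERSION = '0.3.1'.freeze
+ VERSION = '0.6.0'.freeze
  end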
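--- a/data/oso-cloud.gemspec
+++ b/data/oso-cloud.gemspec
@@ -8,7 +8,7 @@ Gem::Specification.new do |spec|
  spec.summary = 'Oso authorization library.'
  spec.homepage = 'https://www.osohq.com/'
 
- spec.required_ruby_version = Gem::Requirement.new('>= 2.3.0')
+ spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
 
  # Specify which files should be added to the gem when it is released.
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.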
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.6.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-05-16 00:00:00.000000000 Z
11
+ date: 2022-06-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest
@@ -52,7 +52,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
52
52
  requirements:
53
53
  - - ">="
54
54
  - !ruby/object:Gem::Version
55
- version: 2.3.0
55
+ version: 2.7.0
56
56
  required_rubygems_version: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - ">="