oso-cloud 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/oso/client.rb +45 -0
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7358c36375c04ca97c57ca8f326b49f1610b3a256aed07550a61a0f8208484aa
|
|
4
|
+
data.tar.gz: bf8823521cd89afe363c7a1241f7642c8badf49dc57a0a785330d129b963fe68
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f7a1a6b6167562bb18fa9be85995a7e14384bc551d5ae0da3201f61aa8ece1c77ad7e1eaba9c47107feb2e7f8a92619cf92d386ce82525df601118f3744b47c2
|
|
7
|
+
data.tar.gz: '09d05422cfd5af07383c358d734e64a52a8508653c4719b6501c393c7ca52a85c68b26a973efbfca7a1ab5c172c1f01bd4418f8eec6906fabc0ee31bb2bde26a'
|
data/Gemfile.lock
CHANGED
data/lib/oso/client.rb
CHANGED
|
@@ -27,6 +27,40 @@ module Oso
|
|
|
27
27
|
allowed
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
+
def authorize_resources(actor, action, resources)
|
|
31
|
+
return [] if resources.nil?
|
|
32
|
+
return [] if resources.empty?
|
|
33
|
+
|
|
34
|
+
key = lambda do |type, id|
|
|
35
|
+
"#{type}:#{id}"
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
resources_extracted = resources.map { |r| extract_typed_id(r) }
|
|
39
|
+
actor_typed_id = extract_typed_id actor
|
|
40
|
+
result = POST('authorize_resources', {
|
|
41
|
+
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
42
|
+
action: action,
|
|
43
|
+
resources: resources_extracted
|
|
44
|
+
})
|
|
45
|
+
|
|
46
|
+
return [] if result['results'].empty?
|
|
47
|
+
|
|
48
|
+
results_lookup = Hash.new
|
|
49
|
+
result['results'].each do |r|
|
|
50
|
+
k = key.call(r['type'], r['id'])
|
|
51
|
+
if results_lookup[k] == nil
|
|
52
|
+
results_lookup[k] = true
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
results = resources.select do |r|
|
|
57
|
+
e = extract_typed_id(r)
|
|
58
|
+
exists = results_lookup[key.call(e.type, e.id)]
|
|
59
|
+
exists
|
|
60
|
+
end
|
|
61
|
+
results
|
|
62
|
+
end
|
|
63
|
+
|
|
30
64
|
def list(actor, action, resource_type)
|
|
31
65
|
actor_typed_id = extract_typed_id actor
|
|
32
66
|
result = POST('list', {
|
|
@@ -37,6 +71,17 @@ module Oso
|
|
|
37
71
|
results = result['results']
|
|
38
72
|
results
|
|
39
73
|
end
|
|
74
|
+
|
|
75
|
+
def actions(actor, resource)
|
|
76
|
+
actor_typed_id = extract_typed_id actor
|
|
77
|
+
resource_typed_id = extract_typed_id resource
|
|
78
|
+
result = POST('actions', {
|
|
79
|
+
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
80
|
+
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
|
|
81
|
+
})
|
|
82
|
+
results = result['results']
|
|
83
|
+
results
|
|
84
|
+
end
|
|
40
85
|
|
|
41
86
|
def tell(predicate, *args)
|
|
42
87
|
typed_args = args.map { |a| extract_typed_id a}
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-05-
|
|
11
|
+
date: 2022-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|