RubyGems - oso-cloud - Versions diffs - 0.4.0 → 0.7.0 - Mend

oso-cloud 0.4.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae0bc3e70a6d9ea8aeb9f6f02af64afa1ca65099ea036d75d2a611bed86e3f83
-  data.tar.gz: d46f670990a2ffff708c3a72d54f9bed2da6602e8699d3ffab3108d18750851a
+  metadata.gz: 69149698f1269f5bd98bf3072671992b364170e0ff5264132fde524f10d997b2
+  data.tar.gz: ccd52aa2087dfadffc11dce6343aaad7abf10ec3cb2099a8b01df8f19f3e88d4
 SHA512:
-  metadata.gz: 118581772825e045e4f1237a43d8d8077fef30c2f8118d9886ab5d3bbfdbdfa1de383216b2426520a0aee0e0b61239a0153c177cac48de874b4832fac87b50a3
-  data.tar.gz: 6a66ab888f95a43e64ae69e3d8e9c378077da17d5dd580185b25b77371c532bb2ec169df9cdd6781cf0f43b11a68ded664d26ed9efff0d877f9019e75967a2aa
+  metadata.gz: 2cc987575b2ef6ff3b7bdff48b575c23f1a6739ba5553a44f00731700e03b89a854d71bac3fd60b41bf76854d9b38fb9b380ee2eb7b4abdc7a0338abcb48b3ed
+  data.tar.gz: afa3922a254311adf4616372c15b3c51c834339d89c5cc3942c86d261e12121d919b8879dd9494e28cb71b7f318f060924e1852cae28e36e7fcf385c70591cb1

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    oso-cloud (0.4.0)
+    oso-cloud (0.7.0)
 GEM
   remote: https://rubygems.org/

data/lib/oso/client.rb CHANGED Viewed

@@ -15,24 +15,73 @@ module Oso
       POST('policy', { src: policy })
     end
-    def authorize(actor, action, resource)
+    def authorize(actor, action, resource, context_facts = [])
       actor_typed_id = extract_typed_id actor
       resource_typed_id = extract_typed_id resource
       result = POST('authorize', {
         actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
         action: action,
-        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
+        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+        context_facts: facts_to_params(context_facts)
       })
       allowed = result['allowed']
       allowed
     end
-    def list(actor, action, resource_type)
+    def authorize_resources(actor, action, resources, context_facts = [])
+      return [] if resources.nil?
+      return [] if resources.empty?
+      key = lambda do |type, id|
+        "#{type}:#{id}"
+      end
+      resources_extracted = resources.map { |r| extract_typed_id(r) }
+      actor_typed_id = extract_typed_id actor
+      result = POST('authorize_resources', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        action: action,
+        resources: resources_extracted,
+        context_facts: facts_to_params(context_facts)
+      })
+      return [] if result['results'].empty?
+      results_lookup = Hash.new
+      result['results'].each do |r|
+        k = key.call(r['type'], r['id'])
+        if results_lookup[k] == nil
+          results_lookup[k] = true
+        end
+      end
+      results = resources.select do |r|
+        e = extract_typed_id(r)
+        exists = results_lookup[key.call(e.type, e.id)]
+        exists
+      end
+      results
+    end
+    def list(actor, action, resource_type, context_facts = [])
       actor_typed_id = extract_typed_id actor
       result = POST('list', {
         actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
         action: action,
         resource_type: resource_type,
+        context_facts: facts_to_params(context_facts)
+      })
+      results = result['results']
+      results
+    end
+    def actions(actor, resource, context_facts = [])
+      actor_typed_id = extract_typed_id actor
+      resource_typed_id = extract_typed_id resource
+      result = POST('actions', {
+        actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+        resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+        context_facts: facts_to_params(context_facts)
       })
       results = result['results']
       results
@@ -44,11 +93,7 @@ module Oso
     end
     def bulk_tell(facts)
-      params = facts.map { |predicate, *args|
-        typed_args = args.map { |a| extract_typed_id a}
-        { predicate: predicate, args: typed_args }
-      }
-      POST('bulk_load', params)
+      POST('bulk_load', facts_to_params(facts))
     end
     def delete(predicate, *args)
@@ -57,11 +102,7 @@ module Oso
     end
     def bulk_delete(facts)
-      params = facts.map { |predicate, *args|
-        typed_args = args.map { |a| extract_typed_id a}
-        { predicate: predicate, args: typed_args }
-      }
-      POST('bulk_delete', params)
+      POST('bulk_delete', facts_to_params(facts))
     end
     def get(predicate, *args)
@@ -141,6 +182,13 @@ module Oso
       extract_typed_id(x)
     end
+    def facts_to_params(facts)
+      facts.map { |predicate, *args|
+        typed_args = args.map { |a| extract_typed_id a}
+        { predicate: predicate, args: typed_args }
+      }
+    end
     TypedId = Struct.new(:type, :id, keyword_init: true) do
       def to_json(*args)
         to_h.to_json(*args)

data/lib/oso/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Oso
-  VERSION = '0.4.0'.freeze
+  VERSION = '0.7.0'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: oso-cloud
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Oso Security, Inc.
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-05-18 00:00:00.000000000 Z
+date: 2022-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest