oso-cloud 0.4.0 → 0.7.0

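--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ae0bc3e70a6d9ea8aeb9f6f02af64afa1ca65099ea036d75d2a611bed86e3f83
- data.tar.gz: d46f670990a2ffff708c3a72d54f9bed2da6602e8699d3ffab3108d18750851a
+ metadata.gz: 69149698f1269f5bd98bf3072671992b364170e0ff5264132fde524f10d997b2
+ data.tar.gz: ccd52aa2087dfadffc11dce6343aaad7abf10ec3cb2099a8b01df8f19f3e88d4
  SHA512:
- metadata.gz: 118581772825e045e4f1237a43d8d8077fef30c2f8118d9886ab5d3bbfdbdfa1de383216b2426520a0aee0e0b61239a0153c177cac48de874b4832fac87b50a3
- data.tar.gz: 6a66ab888f95a43e64ae69e3d8e9c378077da17d5dd580185b25b77371c532bb2ec169df9cdd6781cf0f43b11a68ded664d26ed9efff0d877f9019e75967a2aa
+ metadata.gz: 2cc987575b2ef6ff3b7bdff48b575c23f1a6739ba5553a44f00731700e03b89a854d71bac3fd60b41bf76854d9b38fb9b380ee2eb7b4abdc7a0338abcb48b3ed
+ data.tar.gz: afa3922a254311adf4616372c15b3c51c834339d89c5cc3942c86d261e12121d919b8879dd9494e28cb71b7f318f060924e1852cae28e36e7fcf385c70591cb1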
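--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- oso-cloud (0.4.0)
+ oso-cloud (0.7.0)
 
  GEM
  remote: https://rubygems.org/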
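--- a/data/lib/oso/client.rb
+++ b/data/lib/oso/client.rb
@@ -15,24 +15,73 @@ module Oso
  POST('policy', { src: policy })
  end
 
- def authorize(actor, action, resource)
+ def authorize(actor, action, resource, context_facts = [])
  actor_typed_id = extract_typed_id actor
  resource_typed_id = extract_typed_id resource
  result = POST('authorize', {
  actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
  action: action,
- resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
+ resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+ context_facts: facts_to_params(context_facts)
  })
  allowed = result['allowed']
  allowed
  end
 
- def list(actor, action, resource_type)
+ def authorize_resources(actor, action, resources, context_facts = [])
+ return [] if resources.nil?
+ return [] if resources.empty?
+
+ key = lambda do |type, id|
+ "#{type}:#{id}"
+ end
+
+ resources_extracted = resources.map { |r| extract_typed_id(r) }
+ actor_typed_id = extract_typed_id actor
+ result = POST('authorize_resources', {
+ actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+ action: action,
+ resources: resources_extracted,
+ context_facts: facts_to_params(context_facts)
+ })
+
+ return [] if result['results'].empty?
+
+ results_lookup = Hash.new
+ result['results'].each do |r|
+ k = key.call(r['type'], r['id'])
+ if results_lookup[k] == nil
+ results_lookup[k] = true
+ end
+ end
+
+ results = resources.select do |r|
+ e = extract_typed_id(r)
+ exists = results_lookup[key.call(e.type, e.id)]
+ exists
+ end
+ results
+ end
+
+ def list(actor, action, resource_type, context_facts = [])
  actor_typed_id = extract_typed_id actor
  result = POST('list', {
  actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
  action: action,
  resource_type: resource_type,
+ context_facts: facts_to_params(context_facts)
+ })
+ results = result['results']
+ results
+ end
+
+ def actions(actor, resource, context_facts = [])
+ actor_typed_id = extract_typed_id actor
+ resource_typed_id = extract_typed_id resource
+ result = POST('actions', {
+ actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
+ resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
+ context_facts: facts_to_params(context_facts)
  })
  results = result['results']
  results
@@ -44,11 +93,7 @@ module Oso
  end
 
  def bulk_tell(facts)
- params = facts.map { |predicate, *args|
- typed_args = args.map { |a| extract_typed_id a}
- { predicate: predicate, args: typed_args }
- }
- POST('bulk_load', params)
+ POST('bulk_load', facts_to_params(facts))
  end
 
  def delete(predicate, *args)
@@ -57,11 +102,7 @@ module Oso
  end
 
  def bulk_delete(facts)
- params = facts.map { |predicate, *args|
- typed_args = args.map { |a| extract_typed_id a}
- { predicate: predicate, args: typed_args }
- }
- POST('bulk_delete', params)
+ POST('bulk_delete', facts_to_params(facts))
  end
 
  def get(predicate, *args)
@@ -141,6 +182,13 @@ module Oso
  extract_typed_id(x)
  end
 
+ def facts_to_params(facts)
+ facts.map { |predicate, *args|
+ typed_args = args.map { |a| extract_typed_id a}
+ { predicate: predicate, args: typed_args }
+ }
+ end
+
  TypedId = Struct.new(:type, :id, keyword_init: true) do
  def to_json(*args)
  to_h.to_json(*args)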
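Review bot: The lookup key in the new `authorize_resources` is the string `"#{type}:#{id}"`, which is ambiguous whenever a type or id contains a colon: two distinct (type, id) pairs can map to the same key, and the final `resources.select` would then keep a resource the service never returned as authorized. Whether such values can occur is not visible in this diff, but because this filter decides what the caller treats as permitted, a structured key is the safer choice, for example `key = ->(type, id) { [type.to_s, id.to_s] }`. Also, `return [] if result['results'].empty?` raises NoMethodError when the response carries no `results` key; if an empty list is the intended outcome there, `Array(result['results'])` makes that explicit, and if a missing key is an error it is worth raising a named exception instead. The new optional `context_facts` parameter on `authorize`, `authorize_resources`, `list` and `actions` has no comment describing the expected shape; judging from `facts_to_params`, a one-line note such as `# context_facts: array of [predicate, *args] applied to this request` would help callers.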
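--- a/data/lib/oso/version.rb
+++ b/data/lib/oso/version.rb
@@ -1,3 +1,3 @@
  module Oso
- VERSION = '0.4.0'.freeze
+ VERSION = '0.7.0'.freeze
  end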
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: oso-cloud
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Oso Security, Inc.
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-05-18 00:00:00.000000000 Z
11
+ date: 2022-06-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: minitest