oso-cloud 0.5.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/oso/client.rb +20 -17
- data/lib/oso/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f76c57bb36720bbfbd88a403db0e80304c1d29edd4ee24ffaf4a3e48ff34760f
|
|
4
|
+
data.tar.gz: bb077dcb1f83e4b376d302ecf91067aa0b06c466e9e6c4a39cfeea0851b553a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b0c91e6514431e826ac0729c15e008c5aed0a85a9eed6d4d60e59fb1b75919eac6a3199e5d30bc2a3e806a291e5c9421010ae6323dc37adfa56bcc0a82a38ab4
|
|
7
|
+
data.tar.gz: 6130fd8d01cc30f858dd8494d2fe73ff95c451796589728175dd25a29dced4b6f7ef21d889c870a260897c389b2c071dd12511d385c4093c80aaebbbed193e87
|
data/Gemfile.lock
CHANGED
data/lib/oso/client.rb
CHANGED
|
@@ -15,19 +15,20 @@ module Oso
|
|
|
15
15
|
POST('policy', { src: policy })
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize(actor, action, resource)
|
|
18
|
+
def authorize(actor, action, resource, context_facts = [])
|
|
19
19
|
actor_typed_id = extract_typed_id actor
|
|
20
20
|
resource_typed_id = extract_typed_id resource
|
|
21
21
|
result = POST('authorize', {
|
|
22
22
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
23
23
|
action: action,
|
|
24
|
-
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id
|
|
24
|
+
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
|
|
25
|
+
context_facts: facts_to_params(context_facts)
|
|
25
26
|
})
|
|
26
27
|
allowed = result['allowed']
|
|
27
28
|
allowed
|
|
28
29
|
end
|
|
29
30
|
|
|
30
|
-
def authorize_resources(actor, action, resources)
|
|
31
|
+
def authorize_resources(actor, action, resources, context_facts = [])
|
|
31
32
|
return [] if resources.nil?
|
|
32
33
|
return [] if resources.empty?
|
|
33
34
|
|
|
@@ -40,7 +41,8 @@ module Oso
|
|
|
40
41
|
result = POST('authorize_resources', {
|
|
41
42
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
42
43
|
action: action,
|
|
43
|
-
resources: resources_extracted
|
|
44
|
+
resources: resources_extracted,
|
|
45
|
+
context_facts: facts_to_params(context_facts)
|
|
44
46
|
})
|
|
45
47
|
|
|
46
48
|
return [] if result['results'].empty?
|
|
@@ -61,23 +63,25 @@ module Oso
|
|
|
61
63
|
results
|
|
62
64
|
end
|
|
63
65
|
|
|
64
|
-
def list(actor, action, resource_type)
|
|
66
|
+
def list(actor, action, resource_type, context_facts = [])
|
|
65
67
|
actor_typed_id = extract_typed_id actor
|
|
66
68
|
result = POST('list', {
|
|
67
69
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
68
70
|
action: action,
|
|
69
71
|
resource_type: resource_type,
|
|
72
|
+
context_facts: facts_to_params(context_facts)
|
|
70
73
|
})
|
|
71
74
|
results = result['results']
|
|
72
75
|
results
|
|
73
76
|
end
|
|
74
|
-
|
|
75
|
-
def actions(actor, resource)
|
|
77
|
+
|
|
78
|
+
def actions(actor, resource, context_facts = [])
|
|
76
79
|
actor_typed_id = extract_typed_id actor
|
|
77
80
|
resource_typed_id = extract_typed_id resource
|
|
78
81
|
result = POST('actions', {
|
|
79
82
|
actor_type: actor_typed_id.type, actor_id: actor_typed_id.id,
|
|
80
83
|
resource_type: resource_typed_id.type, resource_id: resource_typed_id.id,
|
|
84
|
+
context_facts: facts_to_params(context_facts)
|
|
81
85
|
})
|
|
82
86
|
results = result['results']
|
|
83
87
|
results
|
|
@@ -89,11 +93,7 @@ module Oso
|
|
|
89
93
|
end
|
|
90
94
|
|
|
91
95
|
def bulk_tell(facts)
|
|
92
|
-
|
|
93
|
-
typed_args = args.map { |a| extract_typed_id a}
|
|
94
|
-
{ predicate: predicate, args: typed_args }
|
|
95
|
-
}
|
|
96
|
-
POST('bulk_load', params)
|
|
96
|
+
POST('bulk_load', facts_to_params(facts))
|
|
97
97
|
end
|
|
98
98
|
|
|
99
99
|
def delete(predicate, *args)
|
|
@@ -102,11 +102,7 @@ module Oso
|
|
|
102
102
|
end
|
|
103
103
|
|
|
104
104
|
def bulk_delete(facts)
|
|
105
|
-
|
|
106
|
-
typed_args = args.map { |a| extract_typed_id a}
|
|
107
|
-
{ predicate: predicate, args: typed_args }
|
|
108
|
-
}
|
|
109
|
-
POST('bulk_delete', params)
|
|
105
|
+
POST('bulk_delete', facts_to_params(facts))
|
|
110
106
|
end
|
|
111
107
|
|
|
112
108
|
def get(predicate, *args)
|
|
@@ -186,6 +182,13 @@ module Oso
|
|
|
186
182
|
extract_typed_id(x)
|
|
187
183
|
end
|
|
188
184
|
|
|
185
|
+
def facts_to_params(facts)
|
|
186
|
+
facts.map { |predicate, *args|
|
|
187
|
+
typed_args = args.map { |a| extract_typed_id a}
|
|
188
|
+
{ predicate: predicate, args: typed_args }
|
|
189
|
+
}
|
|
190
|
+
end
|
|
191
|
+
|
|
189
192
|
TypedId = Struct.new(:type, :id, keyword_init: true) do
|
|
190
193
|
def to_json(*args)
|
|
191
194
|
to_h.to_json(*args)
|
data/lib/oso/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: oso-cloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Oso Security, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-06-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: minitest
|